🤖 AI Summary
Large language models remain vulnerable to prompt-based attacks (jailbreaking) that bypass safety filters and elicit harmful content. This work proposes the THREAT framework (Targeted Harmful generation via Reframing and Exploitation of Adversarial Tactics), which coordinates multiple LLMs in a reasoning-driven, iterative search loop to discover textual jailbreak prompts. Prompt discovery is formulated as a nonconvex optimization problem, and the authors give an efficient solution that lowers runtime while improving attack effectiveness. Across several models and datasets, THREAT reports higher attack success rates at lower computational cost than prior attack methods. Fewer than 1% of the crafted prompts were flagged as harmful, whereas roughly 50% of the corresponding unmodified prompts were refused, which the authors present as evidence of previously undetected weaknesses in current alignment approaches.
📝 Abstract
Large Language Models (LLMs) are widely deployed in diverse real-world settings, yet remain vulnerable to jailbreaking, where prompt-based attacks bypass safety filters. We present THREAT (Targeted Harmful generation via Reframing and Exploitation of Adversarial Tactics), a reasoning-driven framework that coordinates multiple LLMs in an iterative search loop to find textual jailbreak prompts. We formulate prompt discovery as a nonconvex optimization problem and provide an efficient solution that lowers runtime and improves attack effectiveness. Across diverse datasets and model architectures, THREAT delivers higher attack success rates with lower computational cost than prior methods. The crafted prompts were flagged as harmful in fewer than 1% of cases, compared with about 50% refusals for the corresponding unmodified prompts. These findings reveal previously undetected vulnerabilities in aligned LLMs and position THREAT as a practical tool for proactively strengthening the safety of foundation models.