This work addresses a critical vulnerability in large language model (LLM)-based educational assistants: their tendency to inadvertently disclose complete answers when interacting with adversarial students, thereby violating core pedagogical principles. For the first time, adversarial attacks are introduced into educational settings through the development and fine-tuning of learnable adversarial student agents that emulate realistic attack behaviors. The study systematically evaluates the robustness of diverse LLM teaching assistants under six education-specific attack strategies. Results reveal that current assistants are generally susceptible to such attacks, and the proposed adversarial agents effectively induce answer leakage. Notably, even simple defense mechanisms substantially enhance assistant robustness. This research establishes the first standardized benchmark for evaluating the security of educational AI systems and offers practical defensive strategies to mitigate adversarial exploitation.

Large Language Models (LLMs) are increasingly used in education, yet their default helpfulness often conflicts with pedagogical principles. Prior work evaluates pedagogical quality via answer leakage-the disclosure of complete solutions instead of scaffolding-but typically assumes well-intentioned learners, leaving tutor robustness under student misuse largely unexplored. In this paper, we study scenarios where students behave adversarially and aim to obtain the correct answer from the tutor. We evaluate a broad set of LLM-based tutor models, including different model families, pedagogically aligned models, and a multi-agent design, under a range of adversarial student attacks. We adapt six groups of adversarial and persuasive techniques to the educational setting and use them to probe how likely a tutor is to reveal the final answer. We evaluate answer leakage robustness using different types of in-context adversarial student agents, finding that they often fail to carry out effective attacks. We therefore introduce an adversarial student agent that we fine-tune to jailbreak LLM-based tutors, which we propose as the core of a standardized benchmark for evaluating tutor robustness. Finally, we present simple but effective defense strategies that reduce answer leakage and strengthen the robustness of LLM-based tutors in adversarial scenarios.