Auditing the Gatekeepers: Fuzzing "AI Judges" to Bypass Security Controls

This Unit 42 report describes AdvJudge-Zero, an automated fuzzing tool that discovers stealthy, low-perplexity formatting and structural tokens that can manipulate LLM-based AI judges to bypass safety policies. The research details token discovery via next-token distributions, iterative logit-gap analysis, and isolation of decisive control elements, demonstrates high bypass success across multiple model categories, and warns of real-world impacts such as false approvals of harmful content and corrupted training labels while recommending adversarial training and AI security posture management.