Large Language Models (LLMs) have emerged as powerful tools for diverse applications. However, their uniform token processing paradigm introduces critical vulnerabilities in instruction handling, particularly when exposed to adversarial scenarios. In this work, we identify and propose a novel class of vulnerabilities, termed Tool-Completion Attack (TCA), which exploits function-calling mechanisms to subvert model behavior. To evaluate LLM robustness against such threats, we introduce the Tool-Completion benchmark, a comprehensive security assessment framework, which reveals that even state-of-the-art models remain susceptible to TCA, with surprisingly high attack success rates. To address these vulnerabilities, we introduce Context-Aware Hierarchical Learning (CAHL), a sophisticated mechanism that dynamically balances semantic comprehension with role-specific instruction constraints. CAHL leverages the contextual correlations between different instruction segments to establish a robust, context-aware instruction hierarchy. Extensive experiments demonstrate that CAHL significantly enhances LLM robustness against both conventional attacks and the proposed TCA, exhibiting strong generalization capabilities in zero-shot evaluations while still preserving model performance on generic tasks. Our code is available at https://github.com/S2AILab/CAHL.

翻译：大型语言模型（LLMs）已成为多样化应用中的强大工具。然而，其统一的令牌处理范式在指令处理中引入了关键脆弱性，尤其在面临对抗性场景时。本研究识别并提出了一类新型脆弱性，称为工具完成攻击（TCA），该攻击利用函数调用机制颠覆模型行为。为评估LLMs对此类威胁的鲁棒性，我们引入了工具完成基准，这是一个全面的安全评估框架，揭示了即使最先进的模型仍易受TCA攻击，且攻击成功率惊人地高。为应对这些脆弱性，我们提出了上下文感知分层学习（CAHL），这是一种动态平衡语义理解与角色特定指令约束的精密机制。CAHL利用不同指令片段间的上下文关联，建立了一个鲁棒的、上下文感知的指令层次结构。大量实验表明，CAHL显著增强了LLMs对传统攻击及所提TCA的鲁棒性，在零样本评估中展现出强大的泛化能力，同时在通用任务上仍保持模型性能。我们的代码发布于https://github.com/S2AILab/CAHL。