Safety Is Not Universal: The Selective Safety Trap in LLM Alignment (2026.findings-acl)
Copied to clipboard
Iago Alves Brito, Walcy Rios, Julia Soares Dollis, Diogo Fernandes Costa Silva, Arlindo Rodrigues Galvão Filho
| Challenge: | Existing safety evaluations of large language models aggregate harms under generic categories such as "Identity Hate" a bilingual benchmark identifies a selective safety trap, where defense rates vary by up to 42% within the same model solely based on the target group. |
| Approach: | They propose a bilingual adversarial benchmark to audit selective safety in large language models . defense rates vary by up to 42% within the same model solely based on target group . |
| Outcome: | The proposed benchmark identifies a selective safety trap in large language models . defense rates vary by up to 42% within the same model solely based on the target group. |
Similar Papers
Towards Understanding the Fragility of Multilingual LLMs against Fine-Tuning Attacks (2025.findings-naacl)
Copied to clipboard
| Challenge: | Recent advances in Large Language Models have sparked concerns about their safety. |
| Approach: | They propose a method to identify safety-related information in the model parameter space . they propose to use a few adversarially chosen examples to fine-tune LLMs . |
| Outcome: | The proposed method can break safety alignment in multilingual LLMs using a few examples . it also shows that the proposed method jailbreaks LLM models adapted to new languages . |
Do Large Language Models Reflect Demographic Pluralism in Safety? (2026.findings-eacl)
Copied to clipboard
Usman Naseem, Gautam Siddharth Kashyap, Sushant Kumar Ray, Rafiq Ali, Ebad Shabbir, Abdullah Mohammad
| Challenge: | Existing datasets that focus on demographics and safety are narrow in their annotator pools. |
| Approach: | They propose to decouple value framing from responses by modeling pluralism directly at the prompt level. |
| Outcome: | Demo-SafetyBench decouples value framing from responses to model pluralism at the prompt level. |
Multitask-Bench: Unveiling and Mitigating Safety Gaps in LLMs Fine-tuning (2025.coling-main)
Copied to clipboard
| Challenge: | Recent advances in Large Language Models (LLMs) have led to their adoption across a wide range of tasks, ranging from code generation to machine translation and sentiment analysis. |
| Approach: | They propose to fine-tune LLMs on benign (non-harmful) data to ensure safe outputs. |
| Outcome: | The proposed model reduces attack success rates across a range of tasks without compromising its usefulness. |
Jailbreaks as Inference-Time Alignment: A Framework for Understanding Safety Failures in LLMs (2026.eacl-long)
Copied to clipboard
| Challenge: | Large language models are safety-aligned to prevent harmful response generation . prior work on jailbreak effectiveness has focused on analyzing success rate of jailbreaks . |
| Approach: | They propose to frame jailbreaks as inference-time alignment and draw suboptimal bounds . they also propose a Safety-Net to measure how vulnerable an LLM is to jailbreak attacks . |
| Outcome: | a new framework allows researchers to show how vulnerable an LLM is to jailbreaks . a Safety-Net measures how vulnerable the model is to attacks, the authors say . |
MPO: Multilingual Safety Alignment via Reward Gap Optimization (2025.acl-long)
Copied to clipboard
Weixiang Zhao, Yulin Hu, Yang Deng, Tongtong Wu, Wenxuan Zhang, Jiahe Guo, An Zhang, Yanyan Zhao, Bing Qin, Tat-Seng Chua, Ting Liu
| Challenge: | Existing preference learning methods for safety alignment are monolingual and struggle with noisy multilingual data. |
| Approach: | They propose a multilingual reward gaP optimization approach that leverages the well-aligned safety capabilities of the dominant language to improve safety alignment across multiple languages. |
| Outcome: | Extensive experiments on three LLMs, LLaMA-3.1, Gemma-2 and Qwen2.5, validate MPO’s efficacy in multilingual safety alignment without degrading general multilingual utility. |
The Language Barrier: Dissecting Safety Challenges of LLMs in Multilingual Contexts (2024.findings-acl)
Copied to clipboard
Lingfeng Shen, Weiting Tan, Sihao Chen, Yunmo Chen, Jingyu Zhang, Haoran Xu, Boyuan Zheng, Philipp Koehn, Daniel Khashabi
| Challenge: | Recent studies show that malicious prompt instructions could solicit objectionable content from LLMs. |
| Approach: | They compare how state-of-the-art LLMs respond to malicious prompts in different languages . they find that LLM's generate unsafe responses more often when a prompt is written in a lower-resource language . |
| Outcome: | The proposed model can generate unsafe responses more often when a malicious prompt is written in a lower-resource language, and less irrelevant responses when written in lower-source languages. |
Into the Gray Zone: Domain Contexts Can Blur LLM Safety Boundaries (2026.acl-long)
Copied to clipboard
Ki Sen Hung, Xi Yang, Chang Liu, Haoran Li, Kejiang Chen, Changxuan Fan, Tsun On Kwok, Weiming Zhang, Xiaomeng Li, Yangqiu Song
| Challenge: | a goal of LLM alignment is to balance usefulness with harmlessness, but this conflictes when knowledge serves both legitimate and malicious purposes. |
| Approach: | They propose a framework that combines safety-research contexts with adversarial interactions to exploit a vulnerability in Jargon queries. |
| Outcome: | a framework outperforms existing methods in analyzing Jargon queries, a study shows . it achieves 93% of attacks across seven models, while remaining useful, the authors say . |
Is Safety Standard Same for Everyone? User-Specific Safety Evaluation of Large Language Models (2025.findings-emnlp)
Copied to clipboard
Yeonjun In, Wonjoong Kim, Kanghoon Yoon, Sungchul Kim, Mehrab Tanjim, Sangwu Park, Kibum Kim, Chanyoung Park
| Challenge: | Extensive benchmarks evaluate LLM safety relying heavily on general standards . no benchmark datasets exist to evaluate the user-specific safety of LLMs . |
| Approach: | a new benchmark is designed to assess user-specific aspect of LLM safety . authors propose a simple remedy based on chain-of-thought to improve user-specified safety. |
| Outcome: | a new benchmark assesses the user-specific aspect of LLM safety . the proposed solution improves user-specified safety by chain-of-thought . |
Characterizing Selective Refusal Bias in Large Language Models (2026.findings-acl)
Copied to clipboard
| Challenge: | a recent study shows that safety guardrails in large language models can inadvertently introduce or reflect new biases as they may refuse to generate harmful content targeting some demographic groups and not others. |
| Approach: | They examine the selective refusal bias in large language models by examining demographics and responses. |
| Outcome: | The proposed model fails to defend against an indirect attack on previously refused groups in 89% of the trials. |
Jailbreaking Attacks vs. Content Safety Filters: How Far Are We in the LLM Safety Arms Race? (2026.findings-acl)
Copied to clipboard
| Challenge: | Existing studies have focused on the models, neglecting the full deployment pipeline . previous studies have underestimated the practical success of these attacks . |
| Approach: | They evaluate the effectiveness of jailbreak attacks targeting LLM safety alignment . they highlight critical gaps and call for further refinement of detection accuracy and usability . |
| Outcome: | The proposed attacks can detect at least one safety filter across the entire deployment pipeline. |