Challenge: Existing safety evaluations of large language models aggregate harms under generic categories such as "Identity Hate" a bilingual benchmark identifies a selective safety trap, where defense rates vary by up to 42% within the same model solely based on the target group.
Approach: They propose a bilingual adversarial benchmark to audit selective safety in large language models . defense rates vary by up to 42% within the same model solely based on target group .
Outcome: The proposed benchmark identifies a selective safety trap in large language models . defense rates vary by up to 42% within the same model solely based on the target group.

Similar Papers

Towards Understanding the Fragility of Multilingual LLMs against Fine-Tuning Attacks (2025.findings-naacl)

Copied to clipboard

Challenge: Recent advances in Large Language Models have sparked concerns about their safety.
Approach: They propose a method to identify safety-related information in the model parameter space . they propose to use a few adversarially chosen examples to fine-tune LLMs .
Outcome: The proposed method can break safety alignment in multilingual LLMs using a few examples . it also shows that the proposed method jailbreaks LLM models adapted to new languages .
Do Large Language Models Reflect Demographic Pluralism in Safety? (2026.findings-eacl)

Copied to clipboard

Challenge: Existing datasets that focus on demographics and safety are narrow in their annotator pools.
Approach: They propose to decouple value framing from responses by modeling pluralism directly at the prompt level.
Outcome: Demo-SafetyBench decouples value framing from responses to model pluralism at the prompt level.
Multitask-Bench: Unveiling and Mitigating Safety Gaps in LLMs Fine-tuning (2025.coling-main)

Copied to clipboard

Challenge: Recent advances in Large Language Models (LLMs) have led to their adoption across a wide range of tasks, ranging from code generation to machine translation and sentiment analysis.
Approach: They propose to fine-tune LLMs on benign (non-harmful) data to ensure safe outputs.
Outcome: The proposed model reduces attack success rates across a range of tasks without compromising its usefulness.
Jailbreaks as Inference-Time Alignment: A Framework for Understanding Safety Failures in LLMs (2026.eacl-long)

Copied to clipboard

Challenge: Large language models are safety-aligned to prevent harmful response generation . prior work on jailbreak effectiveness has focused on analyzing success rate of jailbreaks .
Approach: They propose to frame jailbreaks as inference-time alignment and draw suboptimal bounds . they also propose a Safety-Net to measure how vulnerable an LLM is to jailbreak attacks .
Outcome: a new framework allows researchers to show how vulnerable an LLM is to jailbreaks . a Safety-Net measures how vulnerable the model is to attacks, the authors say .
MPO: Multilingual Safety Alignment via Reward Gap Optimization (2025.acl-long)

Copied to clipboard

Challenge: Existing preference learning methods for safety alignment are monolingual and struggle with noisy multilingual data.
Approach: They propose a multilingual reward gaP optimization approach that leverages the well-aligned safety capabilities of the dominant language to improve safety alignment across multiple languages.
Outcome: Extensive experiments on three LLMs, LLaMA-3.1, Gemma-2 and Qwen2.5, validate MPO’s efficacy in multilingual safety alignment without degrading general multilingual utility.
The Language Barrier: Dissecting Safety Challenges of LLMs in Multilingual Contexts (2024.findings-acl)

Copied to clipboard

Challenge: Recent studies show that malicious prompt instructions could solicit objectionable content from LLMs.
Approach: They compare how state-of-the-art LLMs respond to malicious prompts in different languages . they find that LLM's generate unsafe responses more often when a prompt is written in a lower-resource language .
Outcome: The proposed model can generate unsafe responses more often when a malicious prompt is written in a lower-resource language, and less irrelevant responses when written in lower-source languages.
Into the Gray Zone: Domain Contexts Can Blur LLM Safety Boundaries (2026.acl-long)

Copied to clipboard

Challenge: a goal of LLM alignment is to balance usefulness with harmlessness, but this conflictes when knowledge serves both legitimate and malicious purposes.
Approach: They propose a framework that combines safety-research contexts with adversarial interactions to exploit a vulnerability in Jargon queries.
Outcome: a framework outperforms existing methods in analyzing Jargon queries, a study shows . it achieves 93% of attacks across seven models, while remaining useful, the authors say .
Is Safety Standard Same for Everyone? User-Specific Safety Evaluation of Large Language Models (2025.findings-emnlp)

Copied to clipboard

Challenge: Extensive benchmarks evaluate LLM safety relying heavily on general standards . no benchmark datasets exist to evaluate the user-specific safety of LLMs .
Approach: a new benchmark is designed to assess user-specific aspect of LLM safety . authors propose a simple remedy based on chain-of-thought to improve user-specified safety.
Outcome: a new benchmark assesses the user-specific aspect of LLM safety . the proposed solution improves user-specified safety by chain-of-thought .
Characterizing Selective Refusal Bias in Large Language Models (2026.findings-acl)

Copied to clipboard

Challenge: a recent study shows that safety guardrails in large language models can inadvertently introduce or reflect new biases as they may refuse to generate harmful content targeting some demographic groups and not others.
Approach: They examine the selective refusal bias in large language models by examining demographics and responses.
Outcome: The proposed model fails to defend against an indirect attack on previously refused groups in 89% of the trials.
Jailbreaking Attacks vs. Content Safety Filters: How Far Are We in the LLM Safety Arms Race? (2026.findings-acl)

Copied to clipboard

Challenge: Existing studies have focused on the models, neglecting the full deployment pipeline . previous studies have underestimated the practical success of these attacks .
Approach: They evaluate the effectiveness of jailbreak attacks targeting LLM safety alignment . they highlight critical gaps and call for further refinement of detection accuracy and usability .
Outcome: The proposed attacks can detect at least one safety filter across the entire deployment pipeline.

What is GenGO?

GenGO is an NLP powered publication search system. It currenctly indexes 30k+ papers from ACL Anthology, and implements multi-aspect summarization, semantic search, and more!

Information

About
Limitations