Obscure but Effective: Classical Chinese Jailbreak Prompt Optimization via Bio-Inspired Search

Q: How reproducible is "Obscure but Effective: Classical Chinese Jailbreak Prompt Optimization via Bio-Inspired Search"?

Estimated time to first reproduction: a few days. Risk flags: No repository-level reproducibility signals are currently available, Estimate is based on paper-only reproduction flow. No direct maintained implementation was found. Use the paper PDF and citation graph to design a baseline reproduction.

Q: What framework is used to implement "Obscure but Effective: Classical Chinese Jailbreak Prompt Optimization via Bio-Inspired Search"?

The primary implementation uses Hugging Face Transformers training guide.

Xun Huang, Simeng Qin, Xiaoshuang Jia, Ranjie Duan, Huanqian Yan, Zhitao Zeng, Fei Yang, Yang Liu, Xiaojun Jia

Published: Feb 26, 2026

No direct implementation yet

Evidence: Inferred

Domain fit: AI-core

Verified repos: 1

Core AI workload signals detected from paper context and implementation/artifact evidence.

Framework: Hugging Face Transformers training guide

Time to first repro: a few days

2 risk flags

arXiv PDF

As Large Language Models (LLMs) are increasingly used, their security risks have drawn increasing attention. Existing research reveals that LLMs are highly susceptible to jailbreak attacks, with effectiveness varying across language contexts. This paper investigates the role of classical Chinese in jailbreak attacks. Owing to its conciseness and obscurity, classical Chinese can partially bypass existing safety constr ...

Read full abstract

aints, exposing notable vulnerabilities in LLMs. Based on this observation, this paper proposes a framework, CC-BOS, for the automatic generation of classical Chinese adversarial prompts based on multi-dimensional fruit fly optimization, facilitating efficient and automated jailbreak attacks in black-box settings. Prompts are encoded into eight policy dimensions-covering role, behavior, mechanism, metaphor, expression, knowledge, trigger pattern and context; and iteratively refined via smell search, visual search, and cauchy mutation. This design enables efficient exploration of the search space, thereby enhancing the effectiveness of black-box jailbreak attacks. To enhance readability and evaluation accuracy, we further design a classical Chinese to English translation module. Extensive experiments demonstrate that effectiveness of the proposed CC-BOS, consistently outperforming state-of-the-art jailbreak attack methods.

Technical details

Canonical key: arxiv-2602.22983

Cache status: Stale (SWR served)

Generated at: Apr 13, 2026, 5:22 PM

Artifact coverage: sparse

HF provider: ok (public)

PWC source used: No

LLM status: not_generated

LLM model: n/a

LLM generated: Unknown

LLM content type: n/a

HF policy: hf-relevance-v27

context only

Benchmarks: thin evidence

Time to repro: a few days

2 risk flags

Hugging Face Transformers training guide

Results & Benchmarks

Freshness tier: hot

Direct + Inferred Evidence

Machine translation

AdvBench

Gemini-2.5-flash

Source: paper fulltext

Machine translation

CLAS

Gemini-2.5-flash

Source: paper fulltext

Machine translation

Ours

Gemini-2.5-flash

Source: paper fulltext

Benchmark evidence drill-down

3 findings

Audit each benchmark finding before selecting an implementation path. Evidence refs map to the disclosure section below.

Task	Dataset	Metric	Value	Source	Evidence refs
Machine translation	AdvBench	Gemini-2.5-flash	0	paper-derived	No explicit refs
Machine translation	CLAS	Gemini-2.5-flash	96	paper-derived	No explicit refs
Machine translation	Ours	Gemini-2.5-flash	99	paper-derived	No explicit refs

As Large Language Models (LLMs) are increasingly used, their security risks have drawn increasing attention.

Implementation Evidence Summary

Confidence: low

Recommendation evidence is currently too limited for a maintained-repo choice. Use Implementation Status and Reproduction Path for a practical baseline plan.

Reproduction Risks

Estimate is based on paper-only reproduction flow

Hardware Notes

Expect multi-day setup/compute for meaningful reproduction based on current guidance.

Evidence disclosure

Evidence graph: 2 refs, 1 links.

Utility signals: depth 95/100, grounding 68/100, status medium.

Implementation Comparison

Top 3 paths

Compare maintenance quality, reproducibility coverage, and evidence confidence before choosing a reproduction baseline.

xaoLiu1222/cc-bos

alternative

Maintenance: Recently updated

Confidence: Medium

Reproducibility: Limited

Matched via arXiv identifier search · Strong overlap with paper title keywords

Stars: 32
Last push: Mar 10, 2026 (39d ago)

Dependencies

Risk flags

No CI pipeline detected
No tagged releases
No Docker setup

ngjefffff/wenyan-compact

alternative

Maintenance: Active

Confidence: Low

Reproducibility: Limited

Matched via arXiv identifier search

Stars: 0
Last push: Mar 30, 2026 (19d ago)

Risk flags

No CI pipeline detected
No tagged releases
No Docker setup

bitbitlemon/ccbos-mcp

alternative

Maintenance: Active

Confidence: Low

Reproducibility: Limited

Matched via arXiv identifier search

Stars: 0
Last push: Mar 26, 2026 (23d ago)

Dependencies

Risk flags

No CI pipeline detected
No tagged releases
No Docker setup

Implementation Status

No verified maintained repo

There is no verified maintained implementation yet. Use this baseline plan to decide whether to prototype now or defer.

No direct maintained implementation was found. Use the paper PDF and citation graph to design a baseline reproduction.
Track assumptions and missing details in an experiment log before coding.

Time to first repro: a few days

Reproduction readiness

No Repo

Time to first repro: days

Last checked: Apr 13, 2026

Hardware requirements

Expect multi-day setup/compute for meaningful reproduction based on current guidance.

No verified implementation available

· No maintained repository has been identified for this paper. Check adjacent implementations or HF artifacts below.

Framework baselines

Hugging Face Transformers training guide
Modern transformer training baseline.
PyTorch nn.Transformer docs
Reference transformer building block implementation.

Additional implementations

Official

No additional official repositories detected.

Community

xaoLiu1222/cc-bos
Confidence: Medium

CC-BOS: Classical Chinese + Bio-inspired Optimization Search for LLM Jailbreak (arXiv:2602.22983)

Stars: 32

Last push: Mar 10, 2026

Possible but unverified matches (2)

These repositories had low-confidence matching signals and are hidden by default.

ngjefffff/wenyan-compact

Confidence: Low

Stars: 0
bitbitlemon/ccbos-mcp

Confidence: Low

Stars: 0

Hugging Face artifacts

No trustworthy direct or curated related Hugging Face artifacts were found yet.

Continue with targeted Hugging Face searches derived from the paper title and method context:

Models

arxiv:2602.22983 Bio-Inspired Obscure but Effective

Datasets

arxiv:2602.22983 Bio-Inspired dataset Machine translation dataset

Spaces

arxiv:2602.22983 Bio-Inspired demo Machine translation demo

Tip: start with models, then check datasets/spaces if you need evaluation data or demos.

Direct artifact matches are currently sparse. Use targeted Hugging Face searches to quickly locate candidate models, datasets, and demos.

Search models Search datasets Search spaces

Research context

Tasks

Machine translation

Methods

Transformer

Domains

Natural Language Processing

Evaluation & Human Feedback Data

Open this paper in HFEPX to review benchmark signals, evaluation modes, and human-feedback protocol context.

Open in HFEPX

Explore Similar Papers

Jump to Paper2Code search queries derived from this paper's research context.

Machine translation Transformer Natural Language Processing

Need human evaluators for your AI research? Scale annotation with expert AI Trainers.

Post a Job Get a Quote