Automatic Metrics + General + Red Team Papers

Researcher Quick Triage

This hub is best used for protocol triage and replication planning from abstract-level evidence. Quality band: Developing .

• 3 papers are replication-ready (benchmark + metric + explicit evaluation mode).
• 0 papers support judge-vs-human agreement analysis.
• 0 papers report explicit quality controls (calibration/adjudication/IAA).

Primary action: Start with the top 2 papers in “Start Here”, then validate assumptions in the protocol matrix.

Why This Matters For Eval Research

• 100% of papers report explicit human-feedback signals, led by red-team protocols.
• automatic metrics appears in 100% of papers in this hub.
• Rtc-Bench is a recurring benchmark anchor for cross-paper comparisons in this page.

Protocol Takeaways

• Quality-control reporting is sparse in this slice; prioritize papers with explicit calibration or adjudication steps.
• Rater context is mostly domain experts, and annotation is commonly trajectory-level annotation; use this to scope replication staffing.
• Stratify by benchmark (Rtc-Bench vs Semeval) before comparing methods.

Benchmark Interpretation

• Rtc-Bench appears in 6.7% of hub papers (1/15); use this cohort for benchmark-matched comparisons.
• Semeval appears in 6.7% of hub papers (1/15); use this cohort for benchmark-matched comparisons.

Metric Interpretation

• jailbreak success rate is reported in 40% of hub papers (6/15); compare with a secondary metric before ranking methods.
• success rate is reported in 33.3% of hub papers (5/15); compare with a secondary metric before ranking methods.

Start Here (Best First 6)

Ranked for protocol completeness (human signal, benchmark + metric anchors, quality controls, and judge/human overlap).

• TraceSafe: A Systematic Assessment of LLM Guardrails on Multi-Step Tool-Calling Trajectories

  Apr 8, 2026 · Citations: 0 · Score: 8.0

  HF: Red Team · Eval: Automatic Metrics · Benchmark: Tracesafe Bench · Metric: Accuracy

• SemEval-2026 Task 6: CLARITY -- Unmasking Political Question Evasions

  Mar 14, 2026 · Citations: 0 · Score: 8.0

  HF: Red Team · Eval: Automatic Metrics · Benchmark: Semeval · Metric: F1

• RedTeamCUA: Realistic Adversarial Testing of Computer-Use Agents in Hybrid Web-OS Environments

  May 28, 2025 · Citations: 0 · Score: 6.5

  HF: Red Team · Eval: Automatic Metrics · Benchmark: Rtc Bench · Metric: Jailbreak success rate

• Exposing Long-Tail Safety Failures in Large Language Models through Efficient Diverse Response Sampling

  Mar 15, 2026 · Citations: 0 · Score: 6.0

  HF: Red Team · Eval: Automatic Metrics · Benchmark: Not Reported · Metric: Cost

• WebWeaver: Breaking Topology Confidentiality in LLM Multi-Agent Systems with Stealthy Context-Based Inference

  Mar 11, 2026 · Citations: 0 · Score: 5.5

  HF: Red Team · Eval: Automatic Metrics · Benchmark: Not Reported · Metric: Accuracy

• MUSE: A Run-Centric Platform for Multimodal Unified Safety Evaluation of Large Language Models

  Mar 3, 2026 · Citations: 0 · Score: 5.5

  HF: Red Team · Eval: Automatic Metrics · Benchmark: Not Reported · Metric: Success rate

Protocol Matrix (Top 12)

Use this to quickly compare protocol ingredients instead of scanning long prose.

Protocol Diff (Top Papers)

Fast side-by-side comparison for the highest-ranked papers in this hub.

Top Papers

• TraceSafe: A Systematic Assessment of LLM Guardrails on Multi-Step Tool-Calling Trajectories

  Yen-Shan Chen, Sian-Yao Huang, Cheng-Lin Yang, Yun-Nung Chen · Apr 8, 2026 · Citations: 0

  Red Team Automatic Metrics Long Horizon

  As large language models (LLMs) evolve from static chatbots into autonomous agents, the primary vulnerability surface shifts from final outputs to intermediate execution traces.

• RedTeamCUA: Realistic Adversarial Testing of Computer-Use Agents in Hybrid Web-OS Environments

  Zeyi Liao, Jaylen Jones, Linxi Jiang, Yuting Ning, Eric Fosler-Lussier · May 28, 2025 · Citations: 0

  Red Team Automatic Metrics Web Browsing

  Using RedTeamCUA, we develop RTC-Bench, a comprehensive benchmark with 864 examples that investigate realistic, hybrid web-OS attack scenarios and fundamental security vulnerabilities.

• SemEval-2026 Task 6: CLARITY -- Unmasking Political Question Evasions

  Konstantinos Thomas, Giorgos Filandrianos, Maria Lymperaiou, Chrysoula Zerva, Giorgos Stamou · Mar 14, 2026 · Citations: 0

  Red Team Automatic Metrics

  The benchmark is constructed from U.S.

• WebWeaver: Breaking Topology Confidentiality in LLM Multi-Agent Systems with Stealthy Context-Based Inference

  Zixun Xiong, Gaoyi Wu, Lingfeng Yao, Miao Pan, Xiaojiang Du · Mar 11, 2026 · Citations: 0

  Red Team Automatic Metrics Multi Agent

  Communication topology is a critical factor in the utility and safety of LLM-based multi-agent systems (LLM-MAS), making it a high-value intellectual property (IP) whose confidentiality remains insufficiently studied.

• MUSE: A Run-Centric Platform for Multimodal Unified Safety Evaluation of Large Language Models

  Zhongxi Wang, Yueqian Lin, Jingyang Zhang, Hai Helen Li, Yiran Chen · Mar 3, 2026 · Citations: 0

  Red Team Automatic Metrics Web Browsing

  Safety evaluation and red-teaming of large language models remain predominantly text-centric, and existing frameworks lack the infrastructure to systematically test whether alignment generalizes to audio, image, and video inputs.

• What Matters For Safety Alignment?

  Xing Li, Hui-Ling Zhen, Lihao Yin, Xianzhi Yu, Zhenhua Dong · Jan 7, 2026 · Citations: 0

  Red Team Automatic Metrics Tool Use

  This paper presents a comprehensive empirical study on the safety alignment capabilities.

• Exposing Long-Tail Safety Failures in Large Language Models through Efficient Diverse Response Sampling

  Suvadeep Hajra, Palash Nandi, Tanmoy Chakraborty · Mar 15, 2026 · Citations: 0

  Red Team Automatic Metrics

  While most red-teaming work emphasizes adversarial prompt search (input-space optimization), we show that safety failures can also be systematically exposed through diverse response generation (output-space exploration) for a fixed…

• IH-Challenge: A Training Dataset to Improve Instruction Hierarchy on Frontier LLMs

  Chuan Guo, Juan Felipe Ceron Uribe, Sicheng Zhu, Christopher A. Choquette-Choo, Steph Lin · Mar 11, 2026 · Citations: 0

  Red Team Automatic Metrics

  IH is key to defending against jailbreaks, system prompt extractions, and agentic prompt injections.

• Can Safety Emerge from Weak Supervision? A Systematic Analysis of Small Language Models

  Punyajoy Saha, Sudipta Halder, Debjyoti Mondal, Subhadarshi Panda · Mar 7, 2026 · Citations: 0

  Pairwise PreferenceRed Team Automatic Metrics

  Safety alignment is critical for deploying large language models (LLMs) in real-world applications, yet most existing approaches rely on large human-annotated datasets and static red-teaming benchmarks that are costly, difficult to scale,…

• MANATEE: Inference-Time Lightweight Diffusion Based Safety Defense for LLMs

  Chun Yan Ryan Kan, Tommy Tran, Vedant Yadav, Ava Cai, Kevin Zhu · Feb 21, 2026 · Citations: 0

  Red Team Automatic Metrics

  We propose MANATEE, an inference-time defense that uses density estimation over a benign representation manifold.

• FENCE: A Financial and Multimodal Jailbreak Detection Dataset

  Mirae Kim, Seonghun Jeong, Youngjun Kwak · Feb 20, 2026 · Citations: 0

  Red Team Automatic Metrics

  A baseline detector trained on FENCE achieves 99 percent in-distribution accuracy and maintains strong performance on external benchmarks, underscoring the dataset's robustness for training reliable detection models.

• Reasoning Up the Instruction Ladder for Controllable Language Models

  Zishuo Zheng, Vidhisha Balachandran, Chan Young Park, Faeze Brahman, Sachin Kumar · Oct 30, 2025 · Citations: 0

  Red Team Automatic Metrics

  Our finetuned models achieve consistent improvements on instruction following and instruction hierarchy benchmarks, achieving roughly a 20% improvement on the IHEval conflict setup.

• RECAP: Reproducing Copyrighted Data from LLMs Training with an Agentic Pipeline

  André V. Duarte, Xuying li, Bin Zeng, Arlindo L. Oliveira, Lei Li · Oct 29, 2025 · Citations: 0

  Red Team Automatic Metrics

  As such, we propose RECAP, an agentic pipeline designed to elicit and verify memorized training data from LLM outputs.

• When Style Breaks Safety: Defending LLMs Against Superficial Style Alignment

  Yuxin Xiao, Sana Tonekaboni, Walter Gerych, Vinith Suriyakumar, Marzyeh Ghassemi · Jun 9, 2025 · Citations: 0

  Red Team Automatic Metrics

  In this work, we seek to understand whether style patterns compromise LLM safety, how superficial style alignment increases model vulnerability, and how best to mitigate these risks during alignment.

• A Systematic Review of Algorithmic Red Teaming Methodologies for Assurance and Security of AI Applications

  Shruti Srivastava, Kiranmayee Janardhan, Shaurya Jauhari · Feb 24, 2026 · Citations: 0

  Red Team Automatic Metrics

  These limitations have driven the evolution toward auto-mated red teaming, which leverages artificial intelligence and automation to deliver efficient and adaptive security evaluations.

Related Hubs

• Automatic Metrics + Red Team Papers Hub
• General + Red Team Papers Hub
• Automatic Metrics + Red Team (Last 120 Days) Hub
• Red Team Papers Hub
• Red Team Or Rlaif Or Synthetic Feedback Papers Hub
• Automatic Metrics + Red Team (Last 60 Days) Hub