Skip to content
← Back to explorer

HFEPX Hub

Automatic Metrics + General + Red Team Papers

Updated from current HFEPX corpus (Feb 27, 2026). 14 papers are grouped in this hub page. Common evaluation modes: Automatic Metrics. Most common rater population: Domain Experts. Common annotation unit: Multi Dim Rubric. Frequently cited benchmark: Jailbreakbench. Common metric signal: jailbreak success rate. Use this page to compare protocol setup, judge behavior, and labeling design decisions before running new eval experiments. Newest paper in this set is from Feb 24, 2026.

Papers: 14 Last published: Feb 24, 2026 Global RSS Tag RSS
Automatic MetricsGeneralRed Team

Research Narrative

Grounded narrative Model: deterministic-grounded Source: persisted

Updated from current HFEPX corpus (Feb 27, 2026). This page tracks 14 papers for Automatic Metrics + General + Red Team Papers. Dominant protocol signals include automatic metrics, with frequent benchmark focus on Jailbreakbench and metric focus on jailbreak success rate, success rate. Use the grounded sections below to prioritize reproducible protocol choices, benchmark-matched comparisons, and judge-vs-human evaluation checks.

Why This Matters For Eval Research

Protocol Takeaways

Benchmark Interpretation

  • Jailbreakbench appears in 7.1% of hub papers (1/14); use this cohort for benchmark-matched comparisons.

Metric Interpretation

  • jailbreak success rate is reported in 28.6% of hub papers (4/14); compare with a secondary metric before ranking methods.
  • success rate is reported in 28.6% of hub papers (4/14); compare with a secondary metric before ranking methods.

Researcher Checklist

  • Maintain strength on Papers with explicit human feedback. Coverage is strong (100% vs 45% target).
  • Close gap on Papers reporting quality controls. Coverage is a replication risk (0% vs 30% target).
  • Close gap on Papers naming benchmarks/datasets. Coverage is a replication risk (7.1% vs 35% target).
  • Maintain strength on Papers naming evaluation metrics. Coverage is strong (42.9% vs 35% target).
  • Close gap on Papers with known rater population. Coverage is a replication risk (7.1% vs 35% target).
  • Close gap on Papers with known annotation unit. Coverage is a replication risk (7.1% vs 35% target).

Papers with explicit human feedback

Coverage is strong (100% vs 45% target).

Papers reporting quality controls

Coverage is a replication risk (0% vs 30% target).

Papers naming benchmarks/datasets

Coverage is a replication risk (7.1% vs 35% target).

Papers naming evaluation metrics

Coverage is strong (42.9% vs 35% target).

Papers with known rater population

Coverage is a replication risk (7.1% vs 35% target).

Papers with known annotation unit

Coverage is a replication risk (7.1% vs 35% target).

Suggested Reading Order

  1. 1. Alignment-Weighted DPO: A principled reasoning approach to improve safety alignment

    Start here for detailed protocol reporting, including rater and quality-control evidence.

  2. 2. A Systematic Review of Algorithmic Red Teaming Methodologies for Assurance and Security of AI Applications

    Start here for detailed protocol reporting, including rater and quality-control evidence.

  3. 3. SibylSense: Adaptive Rubric Learning via Memory Tuning and Adversarial Probing

    Start here for detailed protocol reporting, including rater and quality-control evidence.

  4. 4. MANATEE: Inference-Time Lightweight Diffusion Based Safety Defense for LLMs

    Adds automatic metrics with red-team protocols for broader coverage within this hub.

  5. 5. FENCE: A Financial and Multimodal Jailbreak Detection Dataset

    Adds automatic metrics with red-team protocols for broader coverage within this hub.

  6. 6. Intent Laundering: AI Safety Datasets Are Not What They Seem

    Adds automatic metrics with red-team protocols for broader coverage within this hub.

  7. 7. Exposing the Systematic Vulnerability of Open-Weight Models to Prefill Attacks

    Adds automatic metrics with red-team protocols for broader coverage within this hub.

  8. 8. Jailbreaking Leaves a Trace: Understanding and Detecting Jailbreak Attacks from Internal Representations of Large Language Models

    Adds automatic metrics with red-team protocols for broader coverage within this hub.

Known Limitations

  • Only 0% of papers report quality controls; prioritize calibration/adjudication evidence.
  • Rater population is under-specified (7.1% coverage).
  • Narrative synthesis is grounded in metadata and abstracts only; full-paper implementation details are not parsed.

Research Utility Links

Benchmark Brief

Jailbreakbench

Coverage: 1 papers (7.1%)

1 papers (7.1%) mention Jailbreakbench.

Examples: Refusal Steering: Fine-grained Control over LLM Refusal Behaviour for Sensitive Topics

Metric Brief

jailbreak success rate

Coverage: 4 papers (28.6%)

4 papers (28.6%) mention jailbreak success rate.

Examples: MANATEE: Inference-Time Lightweight Diffusion Based Safety Defense for LLMs , What Matters For Safety Alignment? , Reasoning Up the Instruction Ladder for Controllable Language Models

Metric Brief

accuracy

Coverage: 1 papers (7.1%)

1 papers (7.1%) mention accuracy.

Examples: FENCE: A Financial and Multimodal Jailbreak Detection Dataset

Top Papers

Related Hubs