HFEPX Hub

CS.CL + Red Team Papers

Updated from current HFEPX corpus (Feb 27, 2026). 20 papers are grouped in this hub page. Common evaluation modes: Automatic Metrics, Simulation Env. Most common rater population: Domain Experts. Common annotation unit: Multi Dim Rubric. Frequently cited benchmark: AdvBench. Common metric signal: jailbreak success rate. Use this page to compare protocol setup, judge behavior, and labeling design decisions before running new eval experiments. Newest paper in this set is from Feb 24, 2026.

Papers: 20. Last published: Feb 24, 2026.
Cs.CL, Red Team

Research Narrative

Grounded narrative Model: deterministic-grounded Source: persisted

Updated from current HFEPX corpus (Feb 27, 2026). This page tracks 20 papers for CS.CL + Red Team Papers. Dominant protocol signals include automatic metrics and simulation environments, with frequent benchmark focus on AdvBench and Jailbreakbench and metric focus on jailbreak success rate and success rate. Use the grounded sections below to prioritize reproducible protocol choices, benchmark-matched comparisons, and judge-vs-human evaluation checks.

Why This Matters For Eval Research

Protocol Takeaways

Benchmark Interpretation

  • AdvBench appears in 5% of hub papers (1/20); use this cohort for benchmark-matched comparisons.
  • Jailbreakbench appears in 5% of hub papers (1/20); use this cohort for benchmark-matched comparisons.

Metric Interpretation

  • jailbreak success rate is reported in 25% of hub papers (5/20); compare with a secondary metric before ranking methods.
  • success rate is reported in 20% of hub papers (4/20); compare with a secondary metric before ranking methods.

Researcher Checklist

  • Maintain strength on Papers with explicit human feedback. Coverage is strong (100% vs 45% target).
  • Close gap on Papers reporting quality controls. Coverage is a replication risk (0% vs 30% target).
  • Close gap on Papers naming benchmarks/datasets. Coverage is a replication risk (20% vs 35% target).
  • Maintain strength on Papers naming evaluation metrics. Coverage is strong (45% vs 35% target).
  • Close gap on Papers with known rater population. Coverage is a replication risk (10% vs 35% target).
  • Close gap on Papers with known annotation unit. Coverage is a replication risk (5% vs 35% target).

Suggested Reading Order

  1. Alignment-Weighted DPO: A principled reasoning approach to improve safety alignment

    Start here for detailed protocol reporting, including rater and quality-control evidence.

  2. SibylSense: Adaptive Rubric Learning via Memory Tuning and Adversarial Probing

    Start here for detailed protocol reporting, including rater and quality-control evidence.

  3. Assessing Risks of Large Language Models in Mental Health Support: A Framework for Automated Clinical AI Red Teaming

    Start here for detailed protocol reporting, including rater and quality-control evidence.

  4. MANATEE: Inference-Time Lightweight Diffusion Based Safety Defense for LLMs

    Adds automatic metrics with red-team protocols for broader coverage within this hub.

  5. FENCE: A Financial and Multimodal Jailbreak Detection Dataset

    Adds automatic metrics with red-team protocols for broader coverage within this hub.

  6. IndicJR: A Judge-Free Benchmark of Jailbreak Robustness in South Asian Languages

    Adds automatic metrics with red-team protocols for broader coverage within this hub.

  7. Helpful to a Fault: Measuring Illicit Assistance in Multi-Turn, Multilingual LLM Agents

    Adds automatic metrics with red-team protocols for broader coverage within this hub.

  8. Intent Laundering: AI Safety Datasets Are Not What They Seem

    Adds automatic metrics with red-team protocols for broader coverage within this hub.

Known Limitations

  • 0% of papers report quality controls; prioritize calibration/adjudication evidence.
  • Rater population is under-specified (10% coverage).
  • Narrative synthesis is grounded in metadata and abstracts only; full-paper implementation details are not parsed.

Research Utility Links

automatic_metrics vs simulation_env

both=0, left_only=18, right_only=2

0 papers use both Automatic Metrics and Simulation Env.

Benchmark Brief

AdvBench

Coverage: 1 paper (5%) mentions AdvBench.

Examples: A Simple and Efficient Jailbreak Method Exploiting LLMs' Helpfulness

Benchmark Brief

Jailbreakbench

Coverage: 1 paper (5%) mentions Jailbreakbench.

Examples: Refusal Steering: Fine-grained Control over LLM Refusal Behaviour for Sensitive Topics

Benchmark Brief

Retrieval

Coverage: 1 paper (5%) mentions Retrieval.

Examples: Beyond Single-Turn: A Survey on Multi-Turn Interactions with Large Language Models

Metric Brief

jailbreak success rate

Coverage: 5 papers (25%) mention jailbreak success rate.

Examples: MANATEE: Inference-Time Lightweight Diffusion Based Safety Defense for LLMs; What Matters For Safety Alignment?; Reasoning Up the Instruction Ladder for Controllable Language Models

Metric Brief

helpfulness

Coverage: 2 papers (10%) mention helpfulness.

Examples: A Simple and Efficient Jailbreak Method Exploiting LLMs' Helpfulness; Steering Dialogue Dynamics for Robustness against Multi-turn Jailbreaking Attacks

Top Papers
