CS.LG + Red Team Papers

Researcher Quick Triage

This hub is best used for protocol triage and replication planning from abstract-level evidence. Quality band: Developing .

• 1 papers are replication-ready (benchmark + metric + explicit evaluation mode).
• 0 papers support judge-vs-human agreement analysis.
• 0 papers report explicit quality controls (calibration/adjudication/IAA).

Primary action: Use this page for scouting only; collect additional papers before attempting replication-critical comparisons.

Why This Matters For Eval Research

• 100% of papers report explicit human-feedback signals, led by red-team protocols.
• automatic metrics appears in 30% of papers in this hub.
• AdvBench is a recurring benchmark anchor for cross-paper comparisons in this page.

Protocol Takeaways

• Quality-control reporting is sparse in this slice; prioritize papers with explicit calibration or adjudication steps.
• Rater context is mostly domain experts, and annotation is commonly multi-dimensional rubrics; use this to scope replication staffing.
• Pair this hub with a human_eval-heavy hub to validate judge-model calibration.

Benchmark Interpretation

• AdvBench appears in 10% of hub papers (1/10); use this cohort for benchmark-matched comparisons.
• Jbf-Eval appears in 10% of hub papers (1/10); use this cohort for benchmark-matched comparisons.

Metric Interpretation

• jailbreak success rate is reported in 40% of hub papers (4/10); compare with a secondary metric before ranking methods.
• success rate is reported in 40% of hub papers (4/10); compare with a secondary metric before ranking methods.

Start Here (Best First 6)

Ranked for protocol completeness (human signal, benchmark + metric anchors, quality controls, and judge/human overlap).

• Jailbreak Foundry: From Papers to Runnable Attacks for Reproducible Benchmarking

  Feb 27, 2026 · Citations: 0 · Score: 8.0

  HF: Red Team · Eval: Llm As Judge · Benchmark: AdvBench · Metric: Success rate

• MUSE: A Run-Centric Platform for Multimodal Unified Safety Evaluation of Large Language Models

  Mar 3, 2026 · Citations: 0 · Score: 6.0

  HF: Red Team · Eval: Automatic Metrics · Benchmark: Not Reported · Metric: Success rate

• MANATEE: Inference-Time Lightweight Diffusion Based Safety Defense for LLMs

  Feb 21, 2026 · Citations: 0 · Score: 6.0

  HF: Red Team · Eval: Automatic Metrics · Benchmark: Not Reported · Metric: Success rate

• When Style Breaks Safety: Defending LLMs Against Superficial Style Alignment

  Jun 9, 2025 · Citations: 0 · Score: 4.5

  HF: Red Team · Eval: Automatic Metrics · Benchmark: Not Reported · Metric: Success rate

• SibylSense: Adaptive Rubric Learning via Memory Tuning and Adversarial Probing

  Feb 24, 2026 · Citations: 0 · Score: 4.5

  HF: Rubric Rating, Red Team · Eval: Not reported · Benchmark: Not Reported · Metric: Not Reported

• Helpful to a Fault: Measuring Illicit Assistance in Multi-Turn, Multilingual LLM Agents

  Feb 18, 2026 · Citations: 0 · Score: 4.5

  HF: Red Team · Eval: Not reported · Benchmark: Not Reported · Metric: Not Reported

Protocol Matrix (Top 12)

Use this to quickly compare protocol ingredients instead of scanning long prose.

Protocol Diff (Top Papers)

Fast side-by-side comparison for the highest-ranked papers in this hub.

Top Papers

• Jailbreak Foundry: From Papers to Runnable Attacks for Reproducible Benchmarking

  Zhicheng Fang, Jingjie Zheng, Chenxu Fu, Wei Xu · Feb 27, 2026 · Citations: 0

  Red Team Llm As Judge Multi Agent

  Jailbreak techniques for large language models (LLMs) evolve faster than benchmarks, making robustness estimates stale and difficult to compare across papers due to drift in datasets, harnesses, and judging protocols.

• MUSE: A Run-Centric Platform for Multimodal Unified Safety Evaluation of Large Language Models

  Zhongxi Wang, Yueqian Lin, Jingyang Zhang, Hai Helen Li, Yiran Chen · Mar 3, 2026 · Citations: 0

  Red Team Automatic Metrics Web Browsing

  Safety evaluation and red-teaming of large language models remain predominantly text-centric, and existing frameworks lack the infrastructure to systematically test whether alignment generalizes to audio, image, and video inputs.

• MANATEE: Inference-Time Lightweight Diffusion Based Safety Defense for LLMs

  Chun Yan Ryan Kan, Tommy Tran, Vedant Yadav, Ava Cai, Kevin Zhu · Feb 21, 2026 · Citations: 0

  Red Team Automatic Metrics

  We propose MANATEE, an inference-time defense that uses density estimation over a benign representation manifold.

• When Style Breaks Safety: Defending LLMs Against Superficial Style Alignment

  Yuxin Xiao, Sana Tonekaboni, Walter Gerych, Vinith Suriyakumar, Marzyeh Ghassemi · Jun 9, 2025 · Citations: 0

  Red Team Automatic Metrics

  In this work, we seek to understand whether style patterns compromise LLM safety, how superficial style alignment increases model vulnerability, and how best to mitigate these risks during alignment.

• SibylSense: Adaptive Rubric Learning via Memory Tuning and Adversarial Probing

  Yifei Xu, Guilherme Potje, Shivam Shandilya, Tiancheng Yuan, Leonardo de Oliveira Nunes · Feb 24, 2026 · Citations: 0

  Rubric RatingRed Team

  We present SibylSense, an inference-time learning approach that adapts a frozen rubric generator through a tunable memory bank of validated rubric items.

• Steering Dialogue Dynamics for Robustness against Multi-turn Jailbreaking Attacks

  Hanjiang Hu, Alexander Robey, Changliu Liu · Feb 28, 2025 · Citations: 0

  Red Team

  To address this challenge, we propose a safety steering framework grounded in safe control theory, ensuring invariant safety in multi-turn dialogues.

• Helpful to a Fault: Measuring Illicit Assistance in Multi-Turn, Multilingual LLM Agents

  Nivya Talokar, Ayush K Tarun, Murari Mandal, Maksym Andriushchenko, Antoine Bosselut · Feb 18, 2026 · Citations: 0

  Red Team

  LLM-based agents execute real-world workflows via tools and memory.

• Intent Laundering: AI Safety Datasets Are Not What They Seem

  Shahriar Golchin, Marc Wetter · Feb 17, 2026 · Citations: 0

  Red Team

  We systematically evaluate the quality of widely used AI safety datasets from two perspectives: in isolation and in practice.

• Exposing the Systematic Vulnerability of Open-Weight Models to Prefill Attacks

  Lukas Struppek, Adam Gleave, Kellin Pelrine · Feb 16, 2026 · Citations: 0

  Red Team

  We present the largest empirical study to date of prefill attacks, evaluating over 20 existing and novel strategies across multiple model families and state-of-the-art open-weight models.

• Mitigating Over-Refusal in Aligned Large Language Models via Inference-Time Activation Energy

  Eric Hanchen Jiang, Weixuan Ou, Run Liu, Shengyuan Pang, Guancheng Wan · Oct 9, 2025 · Citations: 0

  Red Team

  Safety alignment of large language models currently faces a central challenge: existing alignment techniques often prioritize mitigating responses to harmful prompts at the expense of overcautious behavior, leading models to incorrectly…

Related Hubs

• CS.CL + Red Team Papers Hub
• Red Team Papers Hub
• Red Team Or Rlaif Or Synthetic Feedback Papers Hub
• Critique Edit Or Red Team Papers Hub
• Red Team Or Rubric Rating Papers Hub
• Demonstrations Or Red Team Papers Hub