
HFEPX Hub

CS.LG + Red Team Papers

Updated from current HFEPX corpus (Mar 8, 2026). 10 papers are grouped in this hub page.


Common evaluation modes: Automatic Metrics, LLM As Judge. Most common rater population: Domain Experts. Common annotation unit: Multi Dim Rubric. Frequently cited benchmark: AdvBench. Common metric signal: jailbreak success rate. Use this page to compare protocol setup, judge behavior, and labeling design decisions before running new eval experiments. The newest paper in this set is from Feb 27, 2026.

Papers: 10 · Last published: Feb 27, 2026

Researcher Quick Triage

This hub is best used for protocol triage and replication planning from abstract-level evidence. Quality band: Developing.

High-Signal Coverage

100.0%

10 / 10 sampled papers are not low-signal flagged.

Replication-Ready Set

1

Benchmark + metric + eval mode explicitly present.

Judge/Human Comparability

0

Papers containing both `human_eval` and `llm_as_judge`.

  • 1 paper is replication-ready (benchmark + metric + explicit evaluation mode).
  • 0 papers support judge-vs-human agreement analysis.
  • 0 papers report explicit quality controls (calibration/adjudication/IAA).

Primary action: Use this page for scouting only; collect additional papers before attempting replication-critical comparisons.

Currently showing only replication-ready papers in ranking and matrix sections (1 paper).

Why This Matters For Eval Research

  • 100% of papers report explicit human-feedback signals, led by red-team protocols.
  • Automatic metrics appear in 30% of papers in this hub.
  • AdvBench is a recurring benchmark anchor for cross-paper comparisons on this page.

Protocol Takeaways

  • Quality-control reporting is sparse in this slice; prioritize papers with explicit calibration or adjudication steps.
  • Rater context is mostly domain experts, and annotation is commonly multi-dimensional rubrics; use this to scope replication staffing.
  • Pair this hub with a human_eval-heavy hub to validate judge-model calibration.

Benchmark Interpretation

  • AdvBench appears in 10% of hub papers (1/10); use this cohort for benchmark-matched comparisons.
  • Jbf-Eval appears in 10% of hub papers (1/10); use this cohort for benchmark-matched comparisons.

Metric Interpretation

  • Jailbreak success rate is reported in 40% of hub papers (4/10); compare with a secondary metric before ranking methods.
  • Success rate is reported in 40% of hub papers (4/10); compare with a secondary metric before ranking methods.

Researcher Checklist

  • Strong: Papers with explicit human feedback

    Coverage is strong (100% vs 45% target).

  • Gap: Papers reporting quality controls

    Coverage is a replication risk (0% vs 30% target).

  • Gap: Papers naming benchmarks/datasets

    Coverage is a replication risk (10% vs 35% target).

  • Strong: Papers naming evaluation metrics

    Coverage is strong (50% vs 35% target).

  • Gap: Papers with known rater population

    Coverage is a replication risk (10% vs 35% target).

  • Gap: Papers with known annotation unit

    Coverage is a replication risk (10% vs 35% target).

Strengths

  • Strong human-feedback signal (100% of papers).

Known Gaps

  • No papers report quality controls (0%); prioritize calibration/adjudication evidence.
  • Rater population is under-specified (10% coverage).
  • Annotation unit is under-specified (10% coverage).

Suggested Next Analyses

  • Pair this hub with a human_eval-heavy hub to validate judge-model calibration.
  • Stratify by benchmark (AdvBench vs Jbf-Eval) before comparing methods.
  • Track metric sensitivity by reporting both jailbreak success rate and success rate.

Recommended Queries

Start with These 3

Use these when you need one protocol anchor, one benchmark anchor, and one recent comparison point before reading the wider hub.

Start Here (Best First 6)

Ranked for protocol completeness (human signal, benchmark + metric anchors, quality controls, and judge/human overlap).

Protocol Matrix (Top 12)

Use this to quickly compare protocol ingredients instead of scanning long prose.


Suggested Reading Order

  1. MUSE: A Run-Centric Platform for Multimodal Unified Safety Evaluation of Large Language Models

    Start here for detailed protocol reporting and quality-control evidence. Signals: automatic metrics + red-team protocols. Focus: success rate. Abstract: We present MUSE (Multimodal Unified Safety Evaluation), an open-source,.

  2. Jailbreak Foundry: From Papers to Runnable Attacks for Reproducible Benchmarking

    Start here for detailed protocol reporting and quality-control evidence. Signals: LLM-as-judge + red-team protocols. Focus: AdvBench / success rate. Abstract: This system enables a standardized AdvBench evaluation of.

  3. SibylSense: Adaptive Rubric Learning via Memory Tuning and Adversarial Probing

    Start here for detailed protocol reporting and quality-control evidence. Signals: rubric ratings. Abstract: Rubrics provide structured, interpretable supervision, but scaling rubric construction is difficult: expert rubrics are costly,.

  4. MANATEE: Inference-Time Lightweight Diffusion Based Safety Defense for LLMs

    Adds automatic metrics with red-team protocols for broader protocol coverage within this hub. Signals: automatic metrics + red-team protocols. Focus: success rate. Abstract: Defending LLMs against adversarial jailbreak.

  5. When Style Breaks Safety: Defending LLMs Against Superficial Style Alignment

    Adds automatic metrics with red-team protocols for broader protocol coverage within this hub. Signals: automatic metrics + red-team protocols. Focus: success rate. Abstract: Large language models (LLMs) can.

  6. Steering Dialogue Dynamics for Robustness against Multi-turn Jailbreaking Attacks

    Adds evaluation protocol evidence with red-team protocols for broader protocol coverage within this hub. Signals: red-team protocols. Focus: helpfulness. Abstract: Large language models (LLMs) are shown to be.

  7. Helpful to a Fault: Measuring Illicit Assistance in Multi-Turn, Multilingual LLM Agents

    Adds evaluation protocol evidence with red-team protocols for broader protocol coverage within this hub. Signals: red-team protocols. Abstract: We introduce STING (Sequential Testing of Illicit N-step Goal execution),.

  8. Intent Laundering: AI Safety Datasets Are Not What They Seem

    Adds evaluation protocol evidence with red-team protocols for broader protocol coverage within this hub. Signals: red-team protocols. Abstract: We systematically evaluate the quality of widely used AI safety.

Known Limitations


  • No papers report quality controls (0%); prioritize calibration/adjudication evidence.
  • Rater population is under-specified (10% coverage).
  • Narrative synthesis is grounded in metadata and abstracts only; full-paper implementation details are not parsed.

Research Utility Snapshot

Human Feedback Mix

  • Red Team (10)
  • Rubric Rating (1)

Evaluation Modes

  • Automatic Metrics (3)
  • LLM As Judge (1)

Top Benchmarks

  • AdvBench (1)
  • Jbf-Eval (1)

Top Metrics

  • Jailbreak success rate (4)
  • Success rate (4)
  • Helpfulness (1)

Rater Population Mix

  • Domain Experts (1)

Quality Controls

Coverage diagnostics (sample-based): human-feedback 100.0% · benchmarks 10.0% · metrics 50.0% · quality controls 0.0%.

Top Papers

  • Jailbreak Foundry: From Papers to Runnable Attacks for Reproducible Benchmarking

    Zhicheng Fang, Jingjie Zheng, Chenxu Fu, Wei Xu · Feb 27, 2026 · Citations: 0

    Red Team · LLM As Judge · Multi Agent

    Jailbreak techniques for large language models (LLMs) evolve faster than benchmarks, making robustness estimates stale and difficult to compare across papers due to drift in datasets, harnesses, and judging protocols.
