General + Red Team (Last 120 Days)

Researcher Quick Triage

This hub is best used for protocol triage and replication planning from abstract-level evidence. Quality band: Developing .

• 0 papers are replication-ready (benchmark + metric + explicit evaluation mode).
• 0 papers support judge-vs-human agreement analysis.
• 0 papers report explicit quality controls (calibration/adjudication/IAA).

Primary action: Use this page for scouting only; collect additional papers before attempting replication-critical comparisons.

Why This Matters For Eval Research

• 100% of papers report explicit human-feedback signals, led by red-team protocols.
• automatic metrics appears in 41.7% of papers in this hub.
• Jailbreakbench is a recurring benchmark anchor for cross-paper comparisons in this page.

Protocol Takeaways

• Quality-control reporting is sparse in this slice; prioritize papers with explicit calibration or adjudication steps.
• Rater context is mostly domain experts, and annotation is commonly multi-dimensional rubrics; use this to scope replication staffing.
• Pair this hub with a human_eval-heavy hub to validate judge-model calibration.

Benchmark Interpretation

• Jailbreakbench appears in 8.3% of hub papers (1/12); use this cohort for benchmark-matched comparisons.

Metric Interpretation

• jailbreak success rate is reported in 25% of hub papers (3/12); compare with a secondary metric before ranking methods.
• success rate is reported in 25% of hub papers (3/12); compare with a secondary metric before ranking methods.

Start Here (Best First 6)

Ranked for protocol completeness (human signal, benchmark + metric anchors, quality controls, and judge/human overlap).

• Refusal Steering: Fine-grained Control over LLM Refusal Behaviour for Sensitive Topics

  Dec 18, 2025 · Citations: 0 · Score: 6.0

  HF: Red Team · Eval: Llm As Judge · Benchmark: Jailbreakbench · Metric: Not Reported

• MUSE: A Run-Centric Platform for Multimodal Unified Safety Evaluation of Large Language Models

  Mar 3, 2026 · Citations: 0 · Score: 6.0

  HF: Red Team · Eval: Automatic Metrics · Benchmark: Not Reported · Metric: Success rate

• MANATEE: Inference-Time Lightweight Diffusion Based Safety Defense for LLMs

  Feb 21, 2026 · Citations: 0 · Score: 6.0

  HF: Red Team · Eval: Automatic Metrics · Benchmark: Not Reported · Metric: Success rate

• FENCE: A Financial and Multimodal Jailbreak Detection Dataset

  Feb 20, 2026 · Citations: 0 · Score: 6.0

  HF: Red Team · Eval: Automatic Metrics · Benchmark: Not Reported · Metric: Accuracy

• What Matters For Safety Alignment?

  Jan 7, 2026 · Citations: 0 · Score: 5.5

  HF: Red Team · Eval: Automatic Metrics · Benchmark: Not Reported · Metric: Success rate

• SibylSense: Adaptive Rubric Learning via Memory Tuning and Adversarial Probing

  Feb 24, 2026 · Citations: 0 · Score: 4.5

  HF: Rubric Rating, Red Team · Eval: Not reported · Benchmark: Not Reported · Metric: Not Reported

Protocol Matrix (Top 12)

Use this to quickly compare protocol ingredients instead of scanning long prose.

Protocol Diff (Top Papers)

Fast side-by-side comparison for the highest-ranked papers in this hub.

Top Papers

• Refusal Steering: Fine-grained Control over LLM Refusal Behaviour for Sensitive Topics

  Iker García-Ferrero, David Montero, Roman Orus · Dec 18, 2025 · Citations: 0

  Red Team Llm As Judge

  We replace fragile pattern-based refusal detection with an LLM-as-a-judge that assigns refusal confidence scores and we propose a ridge-regularized variant to compute steering vectors that better isolate the refusal--compliance direction.

• MUSE: A Run-Centric Platform for Multimodal Unified Safety Evaluation of Large Language Models

  Zhongxi Wang, Yueqian Lin, Jingyang Zhang, Hai Helen Li, Yiran Chen · Mar 3, 2026 · Citations: 0

  Red Team Automatic Metrics Web Browsing

  Safety evaluation and red-teaming of large language models remain predominantly text-centric, and existing frameworks lack the infrastructure to systematically test whether alignment generalizes to audio, image, and video inputs.

• What Matters For Safety Alignment?

  Xing Li, Hui-Ling Zhen, Lihao Yin, Xianzhi Yu, Zhenhua Dong · Jan 7, 2026 · Citations: 0

  Red Team Automatic Metrics Tool Use

  This paper presents a comprehensive empirical study on the safety alignment capabilities.

• MANATEE: Inference-Time Lightweight Diffusion Based Safety Defense for LLMs

  Chun Yan Ryan Kan, Tommy Tran, Vedant Yadav, Ava Cai, Kevin Zhu · Feb 21, 2026 · Citations: 0

  Red Team Automatic Metrics

  We propose MANATEE, an inference-time defense that uses density estimation over a benign representation manifold.

• FENCE: A Financial and Multimodal Jailbreak Detection Dataset

  Mirae Kim, Seonghun Jeong, Youngjun Kwak · Feb 20, 2026 · Citations: 0

  Red Team Automatic Metrics

  A baseline detector trained on FENCE achieves 99 percent in-distribution accuracy and maintains strong performance on external benchmarks, underscoring the dataset's robustness for training reliable detection models.

• SibylSense: Adaptive Rubric Learning via Memory Tuning and Adversarial Probing

  Yifei Xu, Guilherme Potje, Shivam Shandilya, Tiancheng Yuan, Leonardo de Oliveira Nunes · Feb 24, 2026 · Citations: 0

  Rubric RatingRed Team

  We present SibylSense, an inference-time learning approach that adapts a frozen rubric generator through a tunable memory bank of validated rubric items.

• A Systematic Review of Algorithmic Red Teaming Methodologies for Assurance and Security of AI Applications

  Shruti Srivastava, Kiranmayee Janardhan, Shaurya Jauhari · Feb 24, 2026 · Citations: 0

  Red Team Automatic Metrics

  These limitations have driven the evolution toward auto-mated red teaming, which leverages artificial intelligence and automation to deliver efficient and adaptive security evaluations.

• TAO-Attack: Toward Advanced Optimization-Based Jailbreak Attacks for Large Language Models

  Zhi Xu, Jiaqi Li, Xiaotong Zhang, Hong Yu, Han Liu · Mar 3, 2026 · Citations: 0

  Red Team

  Large language models (LLMs) have achieved remarkable success across diverse applications but remain vulnerable to jailbreak attacks, where attackers craft prompts that bypass safety alignment and elicit unsafe responses.

• Alignment-Weighted DPO: A principled reasoning approach to improve safety alignment

  Mengxuan Hu, Vivek V. Datla, Anoop Kumar, Zihan Guan, Sheng Li · Feb 24, 2026 · Citations: 0

  Pairwise PreferenceRed Team

  Recent advances in alignment techniques such as Supervised Fine-Tuning (SFT), Reinforcement Learning from Human Feedback (RLHF), and Direct Preference Optimization (DPO) have improved the safety of large language models (LLMs).

• Intent Laundering: AI Safety Datasets Are Not What They Seem

  Shahriar Golchin, Marc Wetter · Feb 17, 2026 · Citations: 0

  Red Team

  We systematically evaluate the quality of widely used AI safety datasets from two perspectives: in isolation and in practice.

• Exposing the Systematic Vulnerability of Open-Weight Models to Prefill Attacks

  Lukas Struppek, Adam Gleave, Kellin Pelrine · Feb 16, 2026 · Citations: 0

  Red Team

  We present the largest empirical study to date of prefill attacks, evaluating over 20 existing and novel strategies across multiple model families and state-of-the-art open-weight models.

• Jailbreaking Leaves a Trace: Understanding and Detecting Jailbreak Attacks from Internal Representations of Large Language Models

  Sri Durga Sai Sowmya Kadali, Evangelos E. Papalexakis · Feb 12, 2026 · Citations: 0

  Red Team

  On an abliterated LLaMA-3.1-8B model, selectively bypassing high-susceptibility layers blocks 78% of jailbreak attempts while preserving benign behavior on 94% of benign prompts.

Related Hubs

• General + Red Team (Last 90 Days) Hub
• General + Red Team (Last 60 Days) Hub
• Red Team Papers (Last 120 Days) Hub
• Red Team Papers (Last 90 Days) Hub
• General + Red Team Papers Hub
• General + Red Team (Last 30 Days) Hub