General + Red Team (Last 60 Days)

Researcher Quick Triage

This hub is best used for protocol triage and replication planning from abstract-level evidence. Quality band: Developing .

• 0 papers are replication-ready (benchmark + metric + explicit evaluation mode).
• 0 papers support judge-vs-human agreement analysis.
• 0 papers report explicit quality controls (calibration/adjudication/IAA).

Primary action: Use this page for scouting only; collect additional papers before attempting replication-critical comparisons.

Why This Matters For Eval Research

• 100% of papers report explicit human-feedback signals, led by red-team protocols.
• automatic metrics appears in 45.5% of papers in this hub.
• tool-use evaluation appears in 9.1% of papers, indicating agentic evaluation demand.

Protocol Takeaways

• Quality-control reporting is sparse in this slice; prioritize papers with explicit calibration or adjudication steps.
• Rater context is mostly domain experts, and annotation is commonly multi-dimensional rubrics; use this to scope replication staffing.
• Track metric sensitivity by reporting both jailbreak success rate and success rate.

Metric Interpretation

• jailbreak success rate is reported in 27.3% of hub papers (3/11); compare with a secondary metric before ranking methods.
• success rate is reported in 27.3% of hub papers (3/11); compare with a secondary metric before ranking methods.

Start Here (Best First 6)

Ranked for protocol completeness (human signal, benchmark + metric anchors, quality controls, and judge/human overlap).

• MUSE: A Run-Centric Platform for Multimodal Unified Safety Evaluation of Large Language Models

  Mar 3, 2026 · Citations: 0 · Score: 6.0

  HF: Red Team · Eval: Automatic Metrics · Benchmark: Not Reported · Metric: Success rate

• MANATEE: Inference-Time Lightweight Diffusion Based Safety Defense for LLMs

  Feb 21, 2026 · Citations: 0 · Score: 6.0

  HF: Red Team · Eval: Automatic Metrics · Benchmark: Not Reported · Metric: Success rate

• FENCE: A Financial and Multimodal Jailbreak Detection Dataset

  Feb 20, 2026 · Citations: 0 · Score: 6.0

  HF: Red Team · Eval: Automatic Metrics · Benchmark: Not Reported · Metric: Accuracy

• What Matters For Safety Alignment?

  Jan 7, 2026 · Citations: 0 · Score: 5.5

  HF: Red Team · Eval: Automatic Metrics · Benchmark: Not Reported · Metric: Success rate

• SibylSense: Adaptive Rubric Learning via Memory Tuning and Adversarial Probing

  Feb 24, 2026 · Citations: 0 · Score: 4.5

  HF: Rubric Rating, Red Team · Eval: Not reported · Benchmark: Not Reported · Metric: Not Reported

• A Systematic Review of Algorithmic Red Teaming Methodologies for Assurance and Security of AI Applications

  Feb 24, 2026 · Citations: 0 · Score: 4.5

  HF: Red Team · Eval: Automatic Metrics · Benchmark: Not Reported · Metric: Not Reported

Protocol Matrix (Top 12)

Use this to quickly compare protocol ingredients instead of scanning long prose.

Protocol Diff (Top Papers)

Fast side-by-side comparison for the highest-ranked papers in this hub.

Top Papers

• MUSE: A Run-Centric Platform for Multimodal Unified Safety Evaluation of Large Language Models

  Zhongxi Wang, Yueqian Lin, Jingyang Zhang, Hai Helen Li, Yiran Chen · Mar 3, 2026 · Citations: 0

  Red Team Automatic Metrics Web Browsing

  Safety evaluation and red-teaming of large language models remain predominantly text-centric, and existing frameworks lack the infrastructure to systematically test whether alignment generalizes to audio, image, and video inputs.

• What Matters For Safety Alignment?

  Xing Li, Hui-Ling Zhen, Lihao Yin, Xianzhi Yu, Zhenhua Dong · Jan 7, 2026 · Citations: 0

  Red Team Automatic Metrics Tool Use

  This paper presents a comprehensive empirical study on the safety alignment capabilities.

• MANATEE: Inference-Time Lightweight Diffusion Based Safety Defense for LLMs

  Chun Yan Ryan Kan, Tommy Tran, Vedant Yadav, Ava Cai, Kevin Zhu · Feb 21, 2026 · Citations: 0

  Red Team Automatic Metrics

  We propose MANATEE, an inference-time defense that uses density estimation over a benign representation manifold.

• FENCE: A Financial and Multimodal Jailbreak Detection Dataset

  Mirae Kim, Seonghun Jeong, Youngjun Kwak · Feb 20, 2026 · Citations: 0

  Red Team Automatic Metrics

  A baseline detector trained on FENCE achieves 99 percent in-distribution accuracy and maintains strong performance on external benchmarks, underscoring the dataset's robustness for training reliable detection models.

• SibylSense: Adaptive Rubric Learning via Memory Tuning and Adversarial Probing

  Yifei Xu, Guilherme Potje, Shivam Shandilya, Tiancheng Yuan, Leonardo de Oliveira Nunes · Feb 24, 2026 · Citations: 0

  Rubric RatingRed Team

  We present SibylSense, an inference-time learning approach that adapts a frozen rubric generator through a tunable memory bank of validated rubric items.

• A Systematic Review of Algorithmic Red Teaming Methodologies for Assurance and Security of AI Applications

  Shruti Srivastava, Kiranmayee Janardhan, Shaurya Jauhari · Feb 24, 2026 · Citations: 0

  Red Team Automatic Metrics

  These limitations have driven the evolution toward auto-mated red teaming, which leverages artificial intelligence and automation to deliver efficient and adaptive security evaluations.

• TAO-Attack: Toward Advanced Optimization-Based Jailbreak Attacks for Large Language Models

  Zhi Xu, Jiaqi Li, Xiaotong Zhang, Hong Yu, Han Liu · Mar 3, 2026 · Citations: 0

  Red Team

  Large language models (LLMs) have achieved remarkable success across diverse applications but remain vulnerable to jailbreak attacks, where attackers craft prompts that bypass safety alignment and elicit unsafe responses.

• Alignment-Weighted DPO: A principled reasoning approach to improve safety alignment

  Mengxuan Hu, Vivek V. Datla, Anoop Kumar, Zihan Guan, Sheng Li · Feb 24, 2026 · Citations: 0

  Pairwise PreferenceRed Team

  Recent advances in alignment techniques such as Supervised Fine-Tuning (SFT), Reinforcement Learning from Human Feedback (RLHF), and Direct Preference Optimization (DPO) have improved the safety of large language models (LLMs).

• Intent Laundering: AI Safety Datasets Are Not What They Seem

  Shahriar Golchin, Marc Wetter · Feb 17, 2026 · Citations: 0

  Red Team

  We systematically evaluate the quality of widely used AI safety datasets from two perspectives: in isolation and in practice.

• Exposing the Systematic Vulnerability of Open-Weight Models to Prefill Attacks

  Lukas Struppek, Adam Gleave, Kellin Pelrine · Feb 16, 2026 · Citations: 0

  Red Team

  We present the largest empirical study to date of prefill attacks, evaluating over 20 existing and novel strategies across multiple model families and state-of-the-art open-weight models.

• Jailbreaking Leaves a Trace: Understanding and Detecting Jailbreak Attacks from Internal Representations of Large Language Models

  Sri Durga Sai Sowmya Kadali, Evangelos E. Papalexakis · Feb 12, 2026 · Citations: 0

  Red Team

  On an abliterated LLaMA-3.1-8B model, selectively bypassing high-susceptibility layers blocks 78% of jailbreak attempts while preserving benign behavior on 94% of benign prompts.

Related Hubs

• General + Red Team (Last 120 Days) Hub
• General + Red Team (Last 90 Days) Hub
• General + Red Team (Last 30 Days) Hub
• General + Red Team (Last 45 Days) Hub
• Red Team Papers (Last 60 Days) Hub
• Red Team Papers (Last 120 Days) Hub