HFEPX Hub

Red Team Papers (Last 120 Days)

Updated from current HFEPX corpus (Mar 1, 2026). 14 papers are grouped in this hub page. Common evaluation modes: Automatic Metrics, LLM As Judge. Most common rater population: Domain Experts. Common annotation unit: Multi Dim Rubric. Frequently cited benchmark: Jailbreakbench. Common metric signal: accuracy. Use this page to compare protocol setup, judge behavior, and labeling design decisions before running new eval experiments. Newest paper in this set is from Dec 18, 2025.

Papers: 14 · Last published: Dec 18, 2025

Researcher Quick Triage

This hub is best used for protocol triage and replication planning from abstract-level evidence. Quality band: Developing.

  • High-Signal Coverage: 100.0% (14 / 14 sampled papers are not low-signal flagged).
  • Replication-Ready Set: 0 (benchmark + metric + eval mode explicitly present).
  • Judge/Human Comparability: 0 (papers containing both `human_eval` and `llm_as_judge`).

  • 0 papers are replication-ready (benchmark + metric + explicit evaluation mode).
  • 0 papers support judge-vs-human agreement analysis.
  • 0 papers report explicit quality controls (calibration/adjudication/IAA).

Primary action: Use this page for scouting only; collect additional papers before attempting replication-critical comparisons.

Currently showing only replication-ready papers in ranking and matrix sections (0 papers).

Why This Matters For Eval Research

  • 100% of papers report explicit human-feedback signals, led by red-team protocols.
  • Automatic metrics appear in 35.7% of papers in this hub.
  • Jailbreakbench is a recurring benchmark anchor for cross-paper comparisons in this page.

Protocol Takeaways

  • Quality-control reporting is sparse in this slice; prioritize papers with explicit calibration or adjudication steps.
  • Rater context is mostly domain experts, and annotation is commonly multi-dimensional rubrics; use this to scope replication staffing.
  • Pair this hub with a human_eval-heavy hub to validate judge-model calibration.

Benchmark Interpretation

  • Jailbreakbench appears in 7.1% of hub papers (1/14); use this cohort for benchmark-matched comparisons.

Metric Interpretation

  • Accuracy is reported in 14.3% of hub papers (2/14); compare with a secondary metric before ranking methods.
  • Jailbreak success rate is reported in 14.3% of hub papers (2/14); compare with a secondary metric before ranking methods.

Researcher Checklist

  • Strong: Papers with explicit human feedback

    Coverage is strong (100% vs 45% target).

  • Gap: Papers reporting quality controls

    Coverage is a replication risk (0% vs 30% target).

  • Gap: Papers naming benchmarks/datasets

    Coverage is a replication risk (7.1% vs 35% target).

  • Moderate: Papers naming evaluation metrics

    Coverage is usable but incomplete (28.6% vs 35% target).

  • Gap: Papers with known rater population

    Coverage is a replication risk (14.3% vs 35% target).

  • Gap: Papers with known annotation unit

    Coverage is a replication risk (7.1% vs 35% target).

Strengths

  • Strong human-feedback signal (100% of papers).

Known Gaps

  • No papers (0%) report quality controls; prioritize calibration/adjudication evidence.
  • Rater population is under-specified (14.3% coverage).
  • Annotation unit is under-specified (7.1% coverage).

Suggested Next Analyses

  • Pair this hub with a human_eval-heavy hub to validate judge-model calibration.
  • Track metric sensitivity by reporting both accuracy and jailbreak success rate.

Suggested Reading Order

  1. Obscure but Effective: Classical Chinese Jailbreak Prompt Optimization via Bio-Inspired Search

    Start here for detailed protocol reporting and quality-control evidence. Signals: automatic metrics + red-team protocols. Focus: accuracy. Abstract: As Large Language Models (LLMs) are increasingly used, their security.

  2. Alignment-Weighted DPO: A principled reasoning approach to improve safety alignment

    Start here for detailed protocol reporting and quality-control evidence. Signals: pairwise preferences. Abstract: Recent advances in alignment techniques such as Supervised Fine-Tuning (SFT), Reinforcement Learning from Human Feedback.

  3. A Systematic Review of Algorithmic Red Teaming Methodologies for Assurance and Security of AI Applications

    Start here for detailed protocol reporting and quality-control evidence. Signals: automatic metrics + red-team protocols. Abstract: Cybersecurity threats are becoming increasingly sophisticated, making traditional defense mechanisms and manual.

  4. Refusal Steering: Fine-grained Control over LLM Refusal Behaviour for Sensitive Topics

    Include a human-eval paper to calibrate against judge-based evaluation settings. Signals: LLM-as-judge + red-team protocols. Focus: Jailbreakbench. Abstract: We replace fragile pattern-based refusal detection with an LLM-as-a-judge that.

  5. What Matters For Safety Alignment?

    Include a human-eval paper to calibrate against judge-based evaluation settings. Signals: automatic metrics + red-team protocols. Focus: success rate. Abstract: This paper presents a comprehensive empirical study on.

  6. Assessing Risks of Large Language Models in Mental Health Support: A Framework for Automated Clinical AI Red Teaming

    Adds simulation environments with red-team protocols for broader protocol coverage within this hub. Signals: simulation environments + red-team protocols. Abstract: Large Language Models (LLMs) are increasingly utilized for.

  7. MANATEE: Inference-Time Lightweight Diffusion Based Safety Defense for LLMs

    Adds automatic metrics with red-team protocols for broader protocol coverage within this hub. Signals: automatic metrics + red-team protocols. Focus: success rate. Abstract: Defending LLMs against adversarial jailbreak.

  8. FENCE: A Financial and Multimodal Jailbreak Detection Dataset

    Adds automatic metrics with red-team protocols for broader protocol coverage within this hub. Signals: automatic metrics + red-team protocols. Focus: accuracy. Abstract: Jailbreaking poses a significant risk to.

Known Limitations

  • No papers (0%) report quality controls; prioritize calibration/adjudication evidence.
  • Rater population is under-specified (14.3% coverage).
  • Narrative synthesis is grounded in metadata and abstracts only; full-paper implementation details are not parsed.

Research Utility Snapshot

Human Feedback Mix

  • Red Team (14)
  • Pairwise Preference (1)
  • Rubric Rating (1)

Evaluation Modes

  • Automatic Metrics (5)
  • LLM As Judge (1)
  • Simulation Env (1)

Top Benchmarks

  • Jailbreakbench (1)

Top Metrics

  • Accuracy (2)
  • Jailbreak success rate (2)
  • Success rate (2)
  • Conciseness (1)

Rater Population Mix

  • Domain Experts (2)

Quality Controls

Coverage diagnostics (sample-based): human-feedback 100.0% · benchmarks 7.1% · metrics 28.6% · quality controls 0.0%.

Top Papers

No replication-ready papers in the loaded sample. Switch to “All Sampled Papers” for broader coverage.
