Red Team Papers (Last 30 Days)

Researcher Quick Triage

This hub is best used for protocol triage and replication planning from abstract-level evidence. Quality band: Developing .

• 0 papers are replication-ready (benchmark + metric + explicit evaluation mode).
• 0 papers support judge-vs-human agreement analysis.
• 0 papers report explicit quality controls (calibration/adjudication/IAA).

Primary action: Use this page for scouting only; collect additional papers before attempting replication-critical comparisons.

Start Here (Best First 6)

Ranked for protocol completeness (human signal, benchmark + metric anchors, quality controls, and judge/human overlap).

• Obscure but Effective: Classical Chinese Jailbreak Prompt Optimization via Bio-Inspired Search

  Feb 26, 2026 · Citations: 0 · Score: 6.0

  HF: Red Team · Eval: Automatic Metrics · Benchmark: Not Reported · Metric: Accuracy

• MANATEE: Inference-Time Lightweight Diffusion Based Safety Defense for LLMs

  Feb 21, 2026 · Citations: 0 · Score: 6.0

  HF: Red Team · Eval: Automatic Metrics · Benchmark: Not Reported · Metric: Success rate

• FENCE: A Financial and Multimodal Jailbreak Detection Dataset

  Feb 20, 2026 · Citations: 0 · Score: 6.0

  HF: Red Team · Eval: Automatic Metrics · Benchmark: Not Reported · Metric: Accuracy

• Assessing Risks of Large Language Models in Mental Health Support: A Framework for Automated Clinical AI Red Teaming

  Feb 23, 2026 · Citations: 0 · Score: 4.5

  HF: Red Team · Eval: Simulation Env · Benchmark: Not Reported · Metric: Not Reported

• SibylSense: Adaptive Rubric Learning via Memory Tuning and Adversarial Probing

  Feb 24, 2026 · Citations: 0 · Score: 4.5

  HF: Rubric Rating, Red Team · Eval: Not reported · Benchmark: Not Reported · Metric: Not Reported

• A Systematic Review of Algorithmic Red Teaming Methodologies for Assurance and Security of AI Applications

  Feb 24, 2026 · Citations: 0 · Score: 4.5

  HF: Red Team · Eval: Automatic Metrics · Benchmark: Not Reported · Metric: Not Reported

Protocol Matrix (Top 12)

Use this to quickly compare protocol ingredients instead of scanning long prose.

Protocol Diff (Top Papers)

Fast side-by-side comparison for the highest-ranked papers in this hub.

Top Papers

• Assessing Risks of Large Language Models in Mental Health Support: A Framework for Automated Clinical AI Red Teaming

  Ian Steenstra, Paola Pedrelli, Weiyan Shi, Stacy Marsella, Timothy W. Bickmore · Feb 23, 2026 · Citations: 0

  Red Team Simulation Env

  Large Language Models (LLMs) are increasingly utilized for mental health support; however, current safety benchmarks often fail to detect the complex, longitudinal risks inherent in therapeutic dialogue.

• Obscure but Effective: Classical Chinese Jailbreak Prompt Optimization via Bio-Inspired Search

  Xun Huang, Simeng Qin, Xiaoshuang Jia, Ranjie Duan, Huanqian Yan · Feb 26, 2026 · Citations: 0

  Red Team Automatic Metrics

  Owing to its conciseness and obscurity, classical Chinese can partially bypass existing safety constraints, exposing notable vulnerabilities in LLMs.

• MANATEE: Inference-Time Lightweight Diffusion Based Safety Defense for LLMs

  Chun Yan Ryan Kan, Tommy Tran, Vedant Yadav, Ava Cai, Kevin Zhu · Feb 21, 2026 · Citations: 0

  Red Team Automatic Metrics

  We propose MANATEE, an inference-time defense that uses density estimation over a benign representation manifold.

• FENCE: A Financial and Multimodal Jailbreak Detection Dataset

  Mirae Kim, Seonghun Jeong, Youngjun Kwak · Feb 20, 2026 · Citations: 0

  Red Team Automatic Metrics

  A baseline detector trained on FENCE achieves 99 percent in-distribution accuracy and maintains strong performance on external benchmarks, underscoring the dataset's robustness for training reliable detection models.

• SibylSense: Adaptive Rubric Learning via Memory Tuning and Adversarial Probing

  Yifei Xu, Guilherme Potje, Shivam Shandilya, Tiancheng Yuan, Leonardo de Oliveira Nunes · Feb 24, 2026 · Citations: 0

  Rubric RatingRed Team

  We present SibylSense, an inference-time learning approach that adapts a frozen rubric generator through a tunable memory bank of validated rubric items.

• A Systematic Review of Algorithmic Red Teaming Methodologies for Assurance and Security of AI Applications

  Shruti Srivastava, Kiranmayee Janardhan, Shaurya Jauhari · Feb 24, 2026 · Citations: 0

  Red Team Automatic Metrics

  These limitations have driven the evolution toward auto-mated red teaming, which leverages artificial intelligence and automation to deliver efficient and adaptive security evaluations.

• Alignment-Weighted DPO: A principled reasoning approach to improve safety alignment

  Mengxuan Hu, Vivek V. Datla, Anoop Kumar, Zihan Guan, Sheng Li · Feb 24, 2026 · Citations: 0

  Pairwise PreferenceRed Team

  Recent advances in alignment techniques such as Supervised Fine-Tuning (SFT), Reinforcement Learning from Human Feedback (RLHF), and Direct Preference Optimization (DPO) have improved the safety of large language models (LLMs).

• IndicJR: A Judge-Free Benchmark of Jailbreak Robustness in South Asian Languages

  Priyaranjan Pattnayak, Sanchari Chowdhuri · Feb 18, 2026 · Citations: 0

  Red Team

  Safety alignment of large language models (LLMs) is mostly evaluated in English and contract-bound, leaving multilingual vulnerabilities understudied.

• Helpful to a Fault: Measuring Illicit Assistance in Multi-Turn, Multilingual LLM Agents

  Nivya Talokar, Ayush K Tarun, Murari Mandal, Maksym Andriushchenko, Antoine Bosselut · Feb 18, 2026 · Citations: 0

  Red Team

  LLM-based agents execute real-world workflows via tools and memory.

• Intent Laundering: AI Safety Datasets Are Not What They Seem

  Shahriar Golchin, Marc Wetter · Feb 17, 2026 · Citations: 0

  Red Team

  We systematically evaluate the quality of widely used AI safety datasets from two perspectives: in isolation and in practice.

• Exposing the Systematic Vulnerability of Open-Weight Models to Prefill Attacks

  Lukas Struppek, Adam Gleave, Kellin Pelrine · Feb 16, 2026 · Citations: 0

  Red Team

  We present the largest empirical study to date of prefill attacks, evaluating over 20 existing and novel strategies across multiple model families and state-of-the-art open-weight models.

• Jailbreaking Leaves a Trace: Understanding and Detecting Jailbreak Attacks from Internal Representations of Large Language Models

  Sri Durga Sai Sowmya Kadali, Evangelos E. Papalexakis · Feb 12, 2026 · Citations: 0

  Red Team

  On an abliterated LLaMA-3.1-8B model, selectively bypassing high-susceptibility layers blocks 78% of jailbreak attempts while preserving benign behavior on 94% of benign prompts.

Related Hubs

• Red Team Papers (Last 45 Days) Hub
• Red Team Papers (Last 60 Days) Hub
• Red Team Papers (Last 120 Days) Hub
• Red Team Papers (Last 90 Days) Hub
• Red Team Papers Hub
• Red Team Or Rlaif Or Synthetic Feedback Papers Hub