Swiss-Bench 003: Evaluating LLM Reliability and Adversarial Security for Swiss Regulatory Contexts

Fatih Uenal · Apr 7, 2026 · Citations: 0

Open arXiv Find Implementation RSS feed Shortlist (0)

Data freshness

Extraction: Fresh

Check recency before relying on this page for active eval decisions. Use stale pages as context and verify against current hub results.

Metadata refreshed

Apr 7, 2026, 1:29 PM

Recent

Extraction refreshed

Apr 10, 2026, 7:26 AM

Fresh

Extraction source

Persisted extraction

Confidence 0.45

Abstract

The deployment of large language models (LLMs) in Swiss financial and regulatory contexts demands empirical evidence of both production reliability and adversarial security, dimensions not jointly operationalized in existing Swiss-focused evaluation frameworks. This paper introduces Swiss-Bench 003 (SBP-003), extending the HAAS (Helvetic AI Assessment Score) from six to eight dimensions by adding D7 (Self-Graded Reliability Proxy) and D8 (Adversarial Security). I evaluate ten frontier models across 808 Swiss-specific items in four languages (German, French, Italian, English), comprising seven Swiss-adapted benchmarks (Swiss TruthfulQA, Swiss IFEval, Swiss SimpleQA, Swiss NIAH, Swiss PII-Scope, System Prompt Leakage, and Swiss German Comprehension) targeting FINMA Guidance 08/2024, the revised Federal Act on Data Protection (nDSG), and OWASP Top 10 for LLMs. Self-graded D7 scores (73-94%) exceed externally judged D8 security scores (20-61%) by a wide margin, though these dimensions use non-comparable scoring regimes. System prompt leakage resistance ranges from 24.8% to 88.2%, while PII extraction defense remains weak (14-42%) across all models. Qwen 3.5 Plus achieves the highest self-graded D7 score (94.4%), while GPT-oss 120B achieves the highest D8 score (60.7%) despite being the lowest-cost model evaluated. All evaluations are zero-shot under provider default settings; D7 is self-graded and does not constitute independently validated accuracy. I provide conceptual mapping tables relating benchmark dimensions to FINMA model validation requirements, nDSG data protection obligations, and OWASP LLM risk categories.

Low-signal caution for protocol decisions

Use this page for context, then validate protocol choices against stronger HFEPX references before implementation decisions.

Extraction flags indicate low-signal or possible false-positive protocol mapping.
Extraction confidence is 0.45 (below strong-reference threshold).

Human Eval Hub LLM-as-Judge Hub Pairwise Preference Hub

HFEPX Relevance Assessment

This paper is adjacent to HFEPX scope and is best used for background context, not as a primary protocol reference.

Best use

Background context only

Use if you need

A benchmark-and-metrics comparison anchor.

Main weakness

Extraction flags indicate low-signal or possible false-positive protocol mapping.

Trust level

Low

Eval-Fit Score

5/100 • Low

Treat as adjacent context, not a core eval-method reference.

Human Feedback Signal

Not explicit in abstract metadata

Evaluation Signal

Detected

HFEPX Fit

Adjacent candidate

Extraction confidence: Low

If you are doing eval pipeline work, start here:

Human Eval Hub LLM-as-Judge Hub Pairwise Preference Hub Tool-Use Eval Hub

Field Provenance & Confidence

Each key protocol field shows extraction state, confidence band, and data source so you can decide whether to trust it directly or validate from full text.

Human Feedback Types

missing

None explicit

Confidence: Low Source: Persisted extraction missing

No explicit feedback protocol extracted.

Evidence snippet: The deployment of large language models (LLMs) in Swiss financial and regulatory contexts demands empirical evidence of both production reliability and adversarial security, dimensions not jointly operationalized in existing Swiss-focused evaluation frameworks.

Evaluation Modes

partial

Automatic Metrics

Confidence: Low Source: Persisted extraction evidenced

Includes extracted eval setup.

Quality Controls

missing

Not reported

Confidence: Low Source: Persisted extraction missing

No explicit QC controls found.

Benchmarks / Datasets

partial

Needle In A Haystack, IFEval, SimpleQA, TruthfulQA, Swiss Bench

Confidence: Low Source: Persisted extraction evidenced

Useful for quick benchmark comparison.

Evidence snippet: This paper introduces Swiss-Bench 003 (SBP-003), extending the HAAS (Helvetic AI Assessment Score) from six to eight dimensions by adding D7 (Self-Graded Reliability Proxy) and D8 (Adversarial Security).

Reported Metrics

partial

Accuracy, Cost

Confidence: Low Source: Persisted extraction evidenced

Useful for evaluation criteria comparison.

Evidence snippet: Qwen 3.5 Plus achieves the highest self-graded D7 score (94.4%), while GPT-oss 120B achieves the highest D8 score (60.7%) despite being the lowest-cost model evaluated.

Rater Population

missing

Unknown

Confidence: Low Source: Persisted extraction missing

Rater source not explicitly reported.

Human Data Lens

Uses human feedback: No
Feedback types: None
Rater population: Unknown
Unit of annotation: Unknown
Expertise required: General
Extraction source: Persisted extraction

Evaluation Lens

Evaluation modes: Automatic Metrics
Agentic eval: None
Quality controls: Not reported
Confidence: 0.45
Flags: low_signal, possible_false_positive

Protocol And Measurement Signals

Benchmarks / Datasets

Needle In A HaystackIFEvalSimpleQATruthfulQASwiss-Bench

Reported Metrics

accuracycost

Research Brief

Deterministic synthesis

The deployment of large language models (LLMs) in Swiss financial and regulatory contexts demands empirical evidence of both production reliability and adversarial security, dimensions not jointly operationalized in existing Swiss-focused… HFEPX signals include Automatic Metrics with confidence 0.45. Updated from current HFEPX corpus.

Generated Apr 10, 2026, 7:26 AM · Grounded in abstract + metadata only

Key Takeaways

The deployment of large language models (LLMs) in Swiss financial and regulatory contexts demands empirical evidence of both production reliability and adversarial security,…
Self-graded D7 scores (73-94%) exceed externally judged D8 security scores (20-61%) by a wide margin, though these dimensions use non-comparable scoring regimes.

Researcher Actions

Treat this as method context, then pivot to protocol-specific HFEPX hubs.
Cross-check benchmark overlap: Needle In A Haystack, IFEval, SimpleQA.
Validate metric comparability (accuracy, cost).

Caveats

Generated from title, abstract, and extracted metadata only; full-paper implementation details are not parsed.
Low-signal flag detected: protocol relevance may be indirect.

Recommended Queries

human-eval protocol design pairwise preference data quality inter-rater agreement adjudication

Research Summary

Contribution Summary

The deployment of large language models (LLMs) in Swiss financial and regulatory contexts demands empirical evidence of both production reliability and adversarial security, dimensions not jointly operationalized in existing Swiss-focused…
Self-graded D7 scores (73-94%) exceed externally judged D8 security scores (20-61%) by a wide margin, though these dimensions use non-comparable scoring regimes.
All evaluations are zero-shot under provider default settings; D7 is self-graded and does not constitute independently validated accuracy.

Why It Matters For Eval

Self-graded D7 scores (73-94%) exceed externally judged D8 security scores (20-61%) by a wide margin, though these dimensions use non-comparable scoring regimes.
All evaluations are zero-shot under provider default settings; D7 is self-graded and does not constitute independently validated accuracy.

Researcher Checklist

Gap: Human feedback protocol is explicit

No explicit human feedback protocol detected.
Pass: Evaluation mode is explicit

Detected: Automatic Metrics
Gap: Quality control reporting appears

No calibration/adjudication/IAA control explicitly detected.
Pass: Benchmark or dataset anchors are present

Detected: Needle In A Haystack, IFEval, SimpleQA, TruthfulQA
Pass: Metric reporting is present

Detected: accuracy, cost

Category-Adjacent Papers (Broader Context)

These papers are nearby in arXiv category and useful for broader context, but not necessarily protocol-matched to this paper.

Don't Overthink It: Inter-Rollout Action Agreement as a Free Adaptive-Compute Signal for LLM Agents
Benchmark-aligned Protocol Overlap

Citations: 0 Relevance: 4.90
- Shared arXiv category (cs.AI, cs.CL)
- Shared metric mentions
HyperMem: Hypergraph Memory for Long-Term Conversations
Benchmark-aligned Protocol Overlap

Citations: 0 Relevance: 4.45
- Shared arXiv category (cs.AI, cs.CL)
- Shared metric mentions
KV Cache Offloading for Context-Intensive Tasks
Benchmark-aligned Protocol Overlap

Citations: 0 Relevance: 4.45
- Shared arXiv category (cs.AI, cs.CL)
- Shared metric mentions
A GAN and LLM-Driven Data Augmentation Framework for Dynamic Linguistic Pattern Modeling in Chinese Sarcasm Detection
Category Neighbor Protocol Overlap

Citations: 0 Relevance: 3.65
- Shared arXiv category (cs.AI, cs.CL)
- Shared terminology (adversarial)
AVGen-Bench: A Task-Driven Benchmark for Multi-Granular Evaluation of Text-to-Audio-Video Generation
Category Neighbor Protocol Overlap

Citations: 0 Relevance: 3.65
- Shared arXiv category (cs.AI, cs.CL)
- Shared terminology (reliability)
Verify Before You Commit: Towards Faithful Reasoning in LLM Agents via Self-Auditing
Category Neighbor Protocol Overlap

Citations: 0 Relevance: 3.65
- Shared arXiv category (cs.AI, cs.CL)
- Shared terminology (adversarial)
What do Language Models Learn and When? The Implicit Curriculum Hypothesis
Benchmark-aligned Protocol Overlap

Citations: 0 Relevance: 3.30
- Shared arXiv category (cs.CL)
- Shared metric mentions
Ads in AI Chatbots? An Analysis of How Large Language Models Navigate Conflicts of Interest
Category Neighbor Protocol Overlap

Citations: 0 Relevance: 3.20
- Shared arXiv category (cs.AI, cs.CL)

Need human evaluators for your AI research? Scale annotation with expert AI Trainers.

Post a Job Get a Quote