Skip to content
OpenTrain AIFor AI Companies
← Back to explorer

AdversaBench: Automated LLM Red-Teaming with Multi-Judge Confirmation and Cross-Model Transferability

Khanak Khandelwal · Jun 23, 2026 · Citations: 0

Automatic Metrics Coding Pairwise Preference Red Team Tool Use
Open arXiv Find Implementation RSS feed Shortlist (0)

How to use this page

High trust

Use this as a practical starting point for protocol research, then validate against the original paper.

Best use

Primary benchmark and eval reference

What to verify

Validate the exact study setup in the full paper before operational use.

Evidence quality

High

Derived from extracted protocol signals and abstract evidence.

Abstract

Scaling adversarial evaluation of large language models requires both a method for generating hard inputs and a reliable way to confirm that resulting failures are real. We present AdversaBench, an end-to-end red-teaming pipeline that mutates seed prompts with five structured operators, queries a target model, and confirms failures through a three-judge panel with a meta-judge tiebreaker. We report experiments on 45 seeds across three categories: reasoning, instruction-following, and tool use. Every seed produced a confirmed failure. Four findings stand out. First, operator effectiveness varies sharply by category: inject_distractor scores 0.00 mean reward on instruction-following seeds but 0.80-0.83 on reasoning and tool-use. Second, binary failure rate hides difficulty: instruction-following seeds required 2.4 attacker iterations on average versus 1.1 for other categories, a gap visible in survival curves. Third, pairwise judge agreement of 80-87% coexists with near-zero Cohen's kappa due to label skew; category-level disagreement rates are more informative. Fourth, adversarial prompts generated against Llama 3.1 8B transfer zero-shot to Llama 3.3 70B, suggesting the mutations exploit general behavioral patterns rather than model-specific weaknesses. Code, dataset, and analysis scripts are available at https://github.com/khanak0509/AdversaBench .

Should You Rely On This Paper?

This paper has strong direct human-feedback and evaluation protocol signal and is suitable as a primary eval pipeline reference.

Best use

Primary benchmark and eval reference

Use if you need

A concrete protocol example with enough signal to inform rater workflow design.

Main weakness

No major weakness surfaced.

Trust level

High

Usefulness score

75/100 • High

Use this as a primary source when designing or comparing eval protocols.

Human Feedback Signal

Detected

Evaluation Signal

Detected

Usefulness for eval research

High-confidence candidate

Extraction confidence 90%

If you are doing eval pipeline work, start here:

Human Eval Hub LLM-as-Judge Hub Pairwise Preference Hub Tool-Use Eval Hub

What We Could Verify

These are the protocol signals we could actually recover from the available paper metadata. Use them to decide whether this paper is worth deeper reading.

Human Feedback Types

strong

Pairwise Preference, Red Team

Directly usable for protocol triage.

"Scaling adversarial evaluation of large language models requires both a method for generating hard inputs and a reliable way to confirm that resulting failures are real."

Evaluation Modes

strong

Automatic Metrics

Includes extracted eval setup.

"Scaling adversarial evaluation of large language models requires both a method for generating hard inputs and a reliable way to confirm that resulting failures are real."

Quality Controls

strong

Inter Annotator Agreement Reported

Calibration/adjudication style controls detected.

"Scaling adversarial evaluation of large language models requires both a method for generating hard inputs and a reliable way to confirm that resulting failures are real."

Benchmarks / Datasets

strong

Adversabench

Useful for quick benchmark comparison.

"We present AdversaBench, an end-to-end red-teaming pipeline that mutates seed prompts with five structured operators, queries a target model, and confirms failures through a three-judge panel with a meta-judge tiebreaker."

Reported Metrics

strong

Kappa, Agreement

Useful for evaluation criteria comparison.

"Third, pairwise judge agreement of 80-87% coexists with near-zero Cohen's kappa due to label skew; category-level disagreement rates are more informative."

Human Feedback Details

  • Uses human feedback: Yes
  • Feedback types: Pairwise Preference, Red Team
  • Rater population: Not reported
  • Unit of annotation: Pairwise
  • Expertise required: Coding

Evaluation Details

  • Evaluation modes: Automatic Metrics
  • Agentic eval: Tool Use
  • Quality controls: Inter Annotator Agreement Reported
  • Evidence quality: High
  • Use this page as: Primary benchmark and eval reference

Protocol And Measurement Signals

Benchmarks / Datasets

Adversabench

Reported Metrics

kappaagreement

Research Brief

Metadata summary

Scaling adversarial evaluation of large language models requires both a method for generating hard inputs and a reliable way to confirm that resulting failures are real.

Based on abstract + metadata only. Check the source paper before making high-confidence protocol decisions.

Key Takeaways

  • Scaling adversarial evaluation of large language models requires both a method for generating hard inputs and a reliable way to confirm that resulting failures are real.
  • We present AdversaBench, an end-to-end red-teaming pipeline that mutates seed prompts with five structured operators, queries a target model, and confirms failures through a three-judge panel with a meta-judge tiebreaker.
  • We report experiments on 45 seeds across three categories: reasoning, instruction-following, and tool use.

Researcher Actions

  • Compare this paper against nearby papers in the same arXiv category before using it for protocol decisions.
  • Validate inferred eval signals (Tool-use evaluation) against the full paper.
  • Use related-paper links to find stronger protocol-specific references.

Caveats

  • Generated from abstract + metadata only; no PDF parsing.
  • Signals below are heuristic and may miss details reported outside the abstract.

Research Summary

Contribution Summary

  • Scaling adversarial evaluation of large language models requires both a method for generating hard inputs and a reliable way to confirm that resulting failures are real.
  • We present AdversaBench, an end-to-end red-teaming pipeline that mutates seed prompts with five structured operators, queries a target model, and confirms failures through a three-judge panel with a meta-judge tiebreaker.
  • Third, pairwise judge agreement of 80-87% coexists with near-zero Cohen's kappa due to label skew; category-level disagreement rates are more informative.

Why It Matters For Eval

  • We present AdversaBench, an end-to-end red-teaming pipeline that mutates seed prompts with five structured operators, queries a target model, and confirms failures through a three-judge panel with a meta-judge tiebreaker.
  • Third, pairwise judge agreement of 80-87% coexists with near-zero Cohen's kappa due to label skew; category-level disagreement rates are more informative.

Researcher Checklist

  • Pass: Human feedback protocol is explicit

    Detected: Pairwise Preference, Red Team

  • Pass: Evaluation mode is explicit

    Detected: Automatic Metrics

  • Pass: Quality control reporting appears

    Detected: Inter Annotator Agreement Reported

  • Pass: Benchmark or dataset anchors are present

    Detected: Adversabench

  • Pass: Metric reporting is present

    Detected: kappa, agreement

Related Papers

Papers are ranked by protocol overlap, extraction signal alignment, and semantic proximity.