Multi-lingual Multi-turn Automated Red Teaming for LLMs
This addresses the need for efficient safety evaluation in LLMs for developers and users, though it is incremental as it extends existing automation methods to cover more capabilities.
The paper tackled the problem of evaluating safety risks in LLMs by developing MM-ART, a method for automated red-teaming that covers multi-lingual and multi-turn conversations, showing that LLMs are 71% more vulnerable after 5-turn English conversations and up to 195% more vulnerable in non-English languages compared to standard single-turn English approaches.
Language Model Models (LLMs) have improved dramatically in the past few years, increasing their adoption and the scope of their capabilities over time. A significant amount of work is dedicated to ``model alignment'', i.e., preventing LLMs to generate unsafe responses when deployed into customer-facing applications. One popular method to evaluate safety risks is \textit{red-teaming}, where agents attempt to bypass alignment by crafting elaborate prompts that trigger unsafe responses from a model. Standard human-driven red-teaming is costly, time-consuming and rarely covers all the recent features (e.g., multi-lingual, multi-modal aspects), while proposed automation methods only cover a small subset of LLMs capabilities (i.e., English or single-turn). We present Multi-lingual Multi-turn Automated Red Teaming (\textbf{MM-ART}), a method to fully automate conversational, multi-lingual red-teaming operations and quickly identify prompts leading to unsafe responses. Through extensive experiments on different languages, we show the studied LLMs are on average 71\% more vulnerable after a 5-turn conversation in English than after the initial turn. For conversations in non-English languages, models display up to 195\% more safety vulnerabilities than the standard single-turn English approach, confirming the need for automated red-teaming methods matching LLMs capabilities.