Do Methods to Jailbreak and Defend LLMs Generalize Across Languages?
It addresses the cross-lingual generalization of safety issues in LLMs, highlighting the need for language-aware benchmarks, but is incremental as it extends existing methods to new data.
This paper systematically evaluated jailbreak attacks and defenses across ten languages using six LLMs, finding that attack success and defense robustness vary by language, with high-resource languages being safer under standard queries but more vulnerable to adversarial ones.
Large language models (LLMs) undergo safety alignment after training and tuning, yet recent work shows that safety can be bypassed through jailbreak attacks. While many jailbreaks and defenses exist, their cross-lingual generalization remains underexplored. This paper presents the first systematic multilingual evaluation of jailbreaks and defenses across ten languages -- spanning high-, medium-, and low-resource languages -- using six LLMs on HarmBench and AdvBench. We assess two jailbreak types: logical-expression-based and adversarial-prompt-based. For both types, attack success and defense robustness vary across languages: high-resource languages are safer under standard queries but more vulnerable to adversarial ones. Simple defenses can be effective, but are language- and model-dependent. These findings call for language-aware and cross-lingual safety benchmarks for LLMs.