Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Multi-lingual Multi-turn Automated Red Teaming for LLMs

Abhishek Singhania, Christophe Dupuy, Shivam Mangale, Amani Namboori

TL;DR

The paper tackles the challenge of robust safety evaluation for LLMs across languages and conversation depths. It introduces MM-ART, a two-stage framework that generates conversation starters and then automates multi-turn conversations in multiple languages using translation, with an LLM-based agent driving turn generation and a safety assessor judging responses. The study analyzes six target LLMs over seven languages and finds that safety vulnerabilities escalate with conversational depth and across non-English languages, with translation capable of bypassing some alignments, yielding up to 195% more unsafe content than English single-turn baselines. These findings underscore the necessity of cross-language, multi-turn red-teaming to accurately gauge deployment risks and to guide alignment practices. The work also points to future directions in prompt regeneration and multimodal extension to further strengthen safety evaluation pipelines.

Abstract

Language Model Models (LLMs) have improved dramatically in the past few years, increasing their adoption and the scope of their capabilities over time. A significant amount of work is dedicated to ``model alignment'', i.e., preventing LLMs to generate unsafe responses when deployed into customer-facing applications. One popular method to evaluate safety risks is \textit{red-teaming}, where agents attempt to bypass alignment by crafting elaborate prompts that trigger unsafe responses from a model. Standard human-driven red-teaming is costly, time-consuming and rarely covers all the recent features (e.g., multi-lingual, multi-modal aspects), while proposed automation methods only cover a small subset of LLMs capabilities (i.e., English or single-turn). We present Multi-lingual Multi-turn Automated Red Teaming (\textbf{MM-ART}), a method to fully automate conversational, multi-lingual red-teaming operations and quickly identify prompts leading to unsafe responses. Through extensive experiments on different languages, we show the studied LLMs are on average 71\% more vulnerable after a 5-turn conversation in English than after the initial turn. For conversations in non-English languages, models display up to 195\% more safety vulnerabilities than the standard single-turn English approach, confirming the need for automated red-teaming methods matching LLMs capabilities.

Multi-lingual Multi-turn Automated Red Teaming for LLMs

TL;DR

The paper tackles the challenge of robust safety evaluation for LLMs across languages and conversation depths. It introduces MM-ART, a two-stage framework that generates conversation starters and then automates multi-turn conversations in multiple languages using translation, with an LLM-based agent driving turn generation and a safety assessor judging responses. The study analyzes six target LLMs over seven languages and finds that safety vulnerabilities escalate with conversational depth and across non-English languages, with translation capable of bypassing some alignments, yielding up to 195% more unsafe content than English single-turn baselines. These findings underscore the necessity of cross-language, multi-turn red-teaming to accurately gauge deployment risks and to guide alignment practices. The work also points to future directions in prompt regeneration and multimodal extension to further strengthen safety evaluation pipelines.

Abstract

Language Model Models (LLMs) have improved dramatically in the past few years, increasing their adoption and the scope of their capabilities over time. A significant amount of work is dedicated to ``model alignment'', i.e., preventing LLMs to generate unsafe responses when deployed into customer-facing applications. One popular method to evaluate safety risks is \textit{red-teaming}, where agents attempt to bypass alignment by crafting elaborate prompts that trigger unsafe responses from a model. Standard human-driven red-teaming is costly, time-consuming and rarely covers all the recent features (e.g., multi-lingual, multi-modal aspects), while proposed automation methods only cover a small subset of LLMs capabilities (i.e., English or single-turn). We present Multi-lingual Multi-turn Automated Red Teaming (\textbf{MM-ART}), a method to fully automate conversational, multi-lingual red-teaming operations and quickly identify prompts leading to unsafe responses. Through extensive experiments on different languages, we show the studied LLMs are on average 71\% more vulnerable after a 5-turn conversation in English than after the initial turn. For conversations in non-English languages, models display up to 195\% more safety vulnerabilities than the standard single-turn English approach, confirming the need for automated red-teaming methods matching LLMs capabilities.

Paper Structure

This paper contains 27 sections, 4 figures, 10 tables.

Table of Contents

  1. Introduction
  2. Related Work
  3. Multi-lingual Multi-turn Automated Red Teaming (MM-ART)
  4. Conversation Starters Generation
  5. Automated Multi-turn Conversation
  6. Multi-lingual Conversations
  7. Experiments
  8. Conversation Starters Datasets
  9. Target Models and Languages
  10. Multi-turn and Multi-lingual Generation
  11. Response Assessment
  12. Evaluation Metrics
  13. Results & Discussion
  14. Main Results
  15. Detailed Analysis
  16. ...and 12 more sections

Figures (4)

  • Figure 1: Evolution of ASR ($\downarrow$) with the depth of conversations, from 1 turn to 5 turns.
  • Figure 2: Average ASR ($\downarrow$) after 5 turns across 4 sets of conversation starters and 7 languages.
  • Figure 3: ASR at first turn for Human vs. Machine translation of Multi-Jail prompts.
  • Figure 4: Average ASR ($\downarrow$) after 5 turns for the 7 categories. Values are averaged over the 7 languages.