Table of Contents
Fetching ...

RiskAtlas: Exposing Domain-Specific Risks in LLMs through Knowledge-Graph-Guided Harmful Prompt Generation

Huawei Zheng, Xinqi Jiang, Sen Yang, Shouling Ji, Yingcai Wu, Dazhen Deng

TL;DR

RiskAtlas introduces a scalable end-to-end framework that uses domain knowledge graphs to generate explicit harmful prompts anchored to domain entities and then employs dual-path obfuscation rewriting to produce implicit, stealthy prompts reflecting real-world risks. Grounded in Wikidata subgraphs, the pipeline uses few-shot exemplars and multi-objective filtering to ensure domain relevance and fluency, enabling realistic red-teaming across medicine, finance, law, and education. The dual-path obfuscation, comprising direct rewriting and domain-context card enrichment, yields higher obfuscation success and generalizes across model scales while preserving core capabilities. Experimental results show that RiskAtlas outperforms public benchmarks in exposing covert risks and generalizes to both open and closed models, underscoring its value for safety evaluation and alignment research.

Abstract

Large language models (LLMs) are increasingly applied in specialized domains such as finance and healthcare, where they introduce unique safety risks. Domain-specific datasets of harmful prompts remain scarce and still largely rely on manual construction; public datasets mainly focus on explicit harmful prompts, which modern LLM defenses can often detect and refuse. In contrast, implicit harmful prompts-expressed through indirect domain knowledge-are harder to detect and better reflect real-world threats. We identify two challenges: transforming domain knowledge into actionable constraints and increasing the implicitness of generated harmful prompts. To address them, we propose an end-to-end framework that first performs knowledge-graph-guided harmful prompt generation to systematically produce domain-relevant prompts, and then applies dual-path obfuscation rewriting to convert explicit harmful prompts into implicit variants via direct and context-enhanced rewriting. This framework yields high-quality datasets combining strong domain relevance with implicitness, enabling more realistic red-teaming and advancing LLM safety research. We release our code and datasets at GitHub.

RiskAtlas: Exposing Domain-Specific Risks in LLMs through Knowledge-Graph-Guided Harmful Prompt Generation

TL;DR

RiskAtlas introduces a scalable end-to-end framework that uses domain knowledge graphs to generate explicit harmful prompts anchored to domain entities and then employs dual-path obfuscation rewriting to produce implicit, stealthy prompts reflecting real-world risks. Grounded in Wikidata subgraphs, the pipeline uses few-shot exemplars and multi-objective filtering to ensure domain relevance and fluency, enabling realistic red-teaming across medicine, finance, law, and education. The dual-path obfuscation, comprising direct rewriting and domain-context card enrichment, yields higher obfuscation success and generalizes across model scales while preserving core capabilities. Experimental results show that RiskAtlas outperforms public benchmarks in exposing covert risks and generalizes to both open and closed models, underscoring its value for safety evaluation and alignment research.

Abstract

Large language models (LLMs) are increasingly applied in specialized domains such as finance and healthcare, where they introduce unique safety risks. Domain-specific datasets of harmful prompts remain scarce and still largely rely on manual construction; public datasets mainly focus on explicit harmful prompts, which modern LLM defenses can often detect and refuse. In contrast, implicit harmful prompts-expressed through indirect domain knowledge-are harder to detect and better reflect real-world threats. We identify two challenges: transforming domain knowledge into actionable constraints and increasing the implicitness of generated harmful prompts. To address them, we propose an end-to-end framework that first performs knowledge-graph-guided harmful prompt generation to systematically produce domain-relevant prompts, and then applies dual-path obfuscation rewriting to convert explicit harmful prompts into implicit variants via direct and context-enhanced rewriting. This framework yields high-quality datasets combining strong domain relevance with implicitness, enabling more realistic red-teaming and advancing LLM safety research. We release our code and datasets at GitHub.
Paper Structure (24 sections, 6 equations, 2 figures, 12 tables, 1 algorithm)

This paper contains 24 sections, 6 equations, 2 figures, 12 tables, 1 algorithm.

Figures (2)

  • Figure 1: RiskAtlas: An end-to-end synthesis framework for domain-specific harmful prompt generation.
  • Figure 2: An example of obfuscation rewriting.