HarmBench: A Standardized Evaluation Framework for Automated Red Teaming and Robust Refusal
Mantas Mazeika, Long Phan, Xuwang Yin, Andy Zou, Zifan Wang, Norman, Mu, Elham Sakhaee, Nathaniel Li, Steven Basart, Bo Li, David Forsyth, Dan, Hendrycks
TL;DR
HarmBench is a comprehensive evaluation framework for automated red teaming of large language models, enabling systematic comparison of methods and defenses, and facilitating the development of more robust models.
Contribution
This paper introduces HarmBench, a standardized and systematic evaluation framework for automated red teaming of LLMs, addressing the lack of such tools in the field.
Findings
Large-scale comparison of 18 red teaming methods and 33 LLMs and defenses.
Introduction of an efficient adversarial training method that improves LLM robustness.
HarmBench enables co-development of attacks and defenses for LLM safety.
Abstract
Automated red teaming holds substantial promise for uncovering and mitigating the risks associated with the malicious use of large language models (LLMs), yet the field lacks a standardized evaluation framework to rigorously assess new methods. To address this issue, we introduce HarmBench, a standardized evaluation framework for automated red teaming. We identify several desirable properties previously unaccounted for in red teaming evaluations and systematically design HarmBench to meet these criteria. Using HarmBench, we conduct a large-scale comparison of 18 red teaming methods and 33 target LLMs and defenses, yielding novel insights. We also introduce a highly efficient adversarial training method that greatly enhances LLM robustness across a wide range of attacks, demonstrating how HarmBench enables codevelopment of attacks and defenses. We open source HarmBench at…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
- 🤗cais/HarmBench-Llama-2-13b-clsmodel· 93k dl· ♡ 2893k dl♡ 28
- 🤗cais/HarmBench-Llama-2-13b-cls-multimodal-behaviorsmodel· 1.5k dl· ♡ 11.5k dl♡ 1
- 🤗cais/HarmBench-Mistral-7b-val-clsmodel· 1.1k dl· ♡ 71.1k dl♡ 7
- 🤗RichardErkhov/cais_-_HarmBench-Llama-2-13b-cls-4bitsmodel· 2 dl2 dl
- 🤗RichardErkhov/cais_-_HarmBench-Llama-2-13b-cls-8bitsmodel
- 🤗RichardErkhov/cais_-_HarmBench-Llama-2-13b-cls-ggufmodel· 38 dl38 dl
- 🤗RichardErkhov/cais_-_HarmBench-Llama-2-13b-cls-multimodal-behaviors-ggufmodel· 53 dl53 dl
- 🤗RichardErkhov/cais_-_HarmBench-Mistral-7b-val-cls-ggufmodel· 346 dl346 dl
- 🤗RichardErkhov/cais_-_HarmBench-Mistral-7b-val-cls-4bitsmodel
- 🤗RichardErkhov/cais_-_HarmBench-Mistral-7b-val-cls-8bitsmodel
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsComplex Systems and Decision Making · Information and Cyber Security