JailBench: A Comprehensive Chinese Security Assessment Benchmark for Large Language Models

TL;DR

JailBench is a comprehensive Chinese benchmark designed to evaluate and expose deep-seated safety vulnerabilities in large language models, utilizing novel techniques to improve assessment effectiveness and scalability.

Contribution

The paper introduces JailBench, the first detailed Chinese-specific safety assessment benchmark for LLMs, with a novel framework for automatic dataset scaling and vulnerability detection.

Findings

Achieves highest attack success rate against ChatGPT among Chinese benchmarks.

Effectively exposes latent vulnerabilities in 13 mainstream LLMs.

Demonstrates substantial room for improving LLM safety in Chinese language applications.

Abstract

Large language models (LLMs) have demonstrated remarkable capabilities across various applications, highlighting the urgent need for comprehensive safety evaluations. In particular, the enhanced Chinese language proficiency of LLMs, combined with the unique characteristics and complexity of Chinese expressions, has driven the emergence of Chinese-specific benchmarks for safety assessment. However, these benchmarks generally fall short in effectively exposing LLM safety vulnerabilities. To address the gap, we introduce JailBench, the first comprehensive Chinese benchmark for evaluating deep-seated vulnerabilities in LLMs, featuring a refined hierarchical safety taxonomy tailored to the Chinese context. To improve generation efficiency, we employ a novel Automatic Jailbreak Prompt Engineer (AJPE) framework for JailBench construction, which incorporates jailbreak techniques to enhance assessing effectiveness and leverages LLMs to automatically scale up the dataset through context-learning. The proposed JailBench is extensively evaluated over 13 mainstream LLMs and achieves the highest attack success rate against ChatGPT compared to existing Chinese benchmarks, underscoring its efficacy in identifying latent vulnerabilities in LLMs, as well as illustrating the substantial room for improvement in the security and trustworthiness of LLMs within the Chinese context. Our benchmark is publicly available at https://github.com/STAIR-BUPT/JailBench.