Many studies have demonstrated that large language models (LLMs) can produce harmful responses, exposing users to unexpected risks when LLMs are deployed. Previous studies have proposed comprehensive taxonomies of the risks posed by LLMs, as well as corresponding prompts that can be used to examine the safety mechanisms of LLMs. However, the focus has been almost exclusively on English, and little has been explored for other languages. Here we aim to bridge this gap. We first introduce a dataset for the safety evaluation of Chinese LLMs, and then extend it to two other scenarios that can be used to better identify false negative and false positive examples in terms of risky prompt rejections. We further present a set of fine-grained safety assessment criteria for each risk type, facilitating both manual annotation and automatic evaluation in terms of LLM response harmfulness. Our experiments on five LLMs show that region-specific risks are the prevalent type of risk, presenting the major issue with all Chinese LLMs we experimented with. Warning: this paper contains example data that may be offensive, harmful, or biased.

翻译：多项研究表明，大语言模型可能生成有害回应，在部署时使用户面临意外风险。前期研究已提出涵盖大语言模型风险类别的综合分类体系，以及可用于检验安全机制的相应提示。然而，现有研究几乎完全聚焦英语场景，对其他语言的探索十分有限。本研究旨在填补这一空白。我们首先构建了一个用于中文大语言模型安全评估的数据集，随后将其拓展至另外两种场景，以更有效识别风险提示拒绝中的假阴性与假阳性样本。进一步地，我们针对每种风险类型制定了细粒度的安全评估准则，便于对模型回应的危害性进行人工标注与自动评估。在五个大语言模型上的实验表明，地域性风险是最普遍的威胁类型，是我们实验的所有中文大语言模型面临的主要问题。警告：本文包含可能具有攻击性、危害性或偏见的样例数据。