Automated red teaming holds substantial promise for uncovering and mitigating the risks associated with the malicious use of large language models (LLMs), yet the field lacks a standardized evaluation framework to rigorously assess new methods. To address this issue, we introduce HarmBench, a standardized evaluation framework for automated red teaming. We identify several desirable properties previously unaccounted for in red teaming evaluations and systematically design HarmBench to meet these criteria. Using HarmBench, we conduct a large-scale comparison of 18 red teaming methods and 33 target LLMs and defenses, yielding novel insights. We also introduce a highly efficient adversarial training method that greatly enhances LLM robustness across a wide range of attacks, demonstrating how HarmBench enables codevelopment of attacks and defenses. We open source HarmBench at https://github.com/centerforaisafety/HarmBench.