Saved in:
Bibliographic Details
Main Authors: Eiras, Francisco, Zemour, Eliott, Lin, Eric, Mugunthan, Vaikkunth
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2503.04474
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866929745188356096
author Eiras, Francisco
Zemour, Eliott
Lin, Eric
Mugunthan, Vaikkunth
author_facet Eiras, Francisco
Zemour, Eliott
Lin, Eric
Mugunthan, Vaikkunth
contents Large Language Model (LLM) based judges form the underpinnings of key safety evaluation processes such as offline benchmarking, automated red-teaming, and online guardrailing. This widespread requirement raises the crucial question: can we trust the evaluations of these evaluators? In this paper, we highlight two critical challenges that are typically overlooked: (i) evaluations in the wild where factors like prompt sensitivity and distribution shifts can affect performance and (ii) adversarial attacks that target the judge. We highlight the importance of these through a study of commonly used safety judges, showing that small changes such as the style of the model output can lead to jumps of up to 0.24 in the false negative rate on the same dataset, whereas adversarial attacks on the model generation can fool some judges into misclassifying 100% of harmful generations as safe ones. These findings reveal gaps in commonly used meta-evaluation benchmarks and weaknesses in the robustness of current LLM judges, indicating that low attack success under certain judges could create a false sense of security.
format Preprint
id arxiv_https___arxiv_org_abs_2503_04474
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Know Thy Judge: On the Robustness Meta-Evaluation of LLM Safety Judges
Eiras, Francisco
Zemour, Eliott
Lin, Eric
Mugunthan, Vaikkunth
Machine Learning
Cryptography and Security
Large Language Model (LLM) based judges form the underpinnings of key safety evaluation processes such as offline benchmarking, automated red-teaming, and online guardrailing. This widespread requirement raises the crucial question: can we trust the evaluations of these evaluators? In this paper, we highlight two critical challenges that are typically overlooked: (i) evaluations in the wild where factors like prompt sensitivity and distribution shifts can affect performance and (ii) adversarial attacks that target the judge. We highlight the importance of these through a study of commonly used safety judges, showing that small changes such as the style of the model output can lead to jumps of up to 0.24 in the false negative rate on the same dataset, whereas adversarial attacks on the model generation can fool some judges into misclassifying 100% of harmful generations as safe ones. These findings reveal gaps in commonly used meta-evaluation benchmarks and weaknesses in the robustness of current LLM judges, indicating that low attack success under certain judges could create a false sense of security.
title Know Thy Judge: On the Robustness Meta-Evaluation of LLM Safety Judges
topic Machine Learning
Cryptography and Security
url https://arxiv.org/abs/2503.04474