Saved in:
Bibliographic Details
Main Authors: Zhou, Zhenhong, Yan, Shilinlu, Liu, Chuanpu, Li, Qiankun, Wang, Kun, Zeng, Zhigang
Format: Preprint
Published: 2026
Subjects:
Online Access:https://arxiv.org/abs/2601.00588
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866908746402234368
author Zhou, Zhenhong
Yan, Shilinlu
Liu, Chuanpu
Li, Qiankun
Wang, Kun
Zeng, Zhigang
author_facet Zhou, Zhenhong
Yan, Shilinlu
Liu, Chuanpu
Li, Qiankun
Wang, Kun
Zeng, Zhigang
contents Large language models (LLMs) are increasingly deployed in cost-sensitive and on-device scenarios, and safety guardrails have advanced mainly in English. However, real-world Chinese malicious queries typically conceal intent via homophones, pinyin, symbol-based splitting, and other Chinese-specific patterns. These Chinese-specific adversarial patterns create the safety evaluation gap that is not well captured by existing benchmarks focused on English. This gap is particularly concerning for lightweight models, which may be more vulnerable to such specific adversarial perturbations. To bridge this gap, we introduce the Chinese-Specific Safety Benchmark (CSSBench) that emphasizes these adversarial patterns and evaluates the safety of lightweight LLMs in Chinese. Our benchmark covers six domains that are common in real Chinese scenarios, including illegal activities and compliance, privacy leakage, health and medical misinformation, fraud and hate, adult content, and public and political safety, and organizes queries into multiple task types. We evaluate a set of popular lightweight LLMs and measure over-refusal behavior to assess safety-induced performance degradation. Our results show that the Chinese-specific adversarial pattern is a critical challenge for lightweight LLMs. This benchmark offers a comprehensive evaluation of LLM safety in Chinese, assisting robust deployments in practice.
format Preprint
id arxiv_https___arxiv_org_abs_2601_00588
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle CSSBench: Evaluating the Safety of Lightweight LLMs against Chinese-Specific Adversarial Patterns
Zhou, Zhenhong
Yan, Shilinlu
Liu, Chuanpu
Li, Qiankun
Wang, Kun
Zeng, Zhigang
Computation and Language
Large language models (LLMs) are increasingly deployed in cost-sensitive and on-device scenarios, and safety guardrails have advanced mainly in English. However, real-world Chinese malicious queries typically conceal intent via homophones, pinyin, symbol-based splitting, and other Chinese-specific patterns. These Chinese-specific adversarial patterns create the safety evaluation gap that is not well captured by existing benchmarks focused on English. This gap is particularly concerning for lightweight models, which may be more vulnerable to such specific adversarial perturbations. To bridge this gap, we introduce the Chinese-Specific Safety Benchmark (CSSBench) that emphasizes these adversarial patterns and evaluates the safety of lightweight LLMs in Chinese. Our benchmark covers six domains that are common in real Chinese scenarios, including illegal activities and compliance, privacy leakage, health and medical misinformation, fraud and hate, adult content, and public and political safety, and organizes queries into multiple task types. We evaluate a set of popular lightweight LLMs and measure over-refusal behavior to assess safety-induced performance degradation. Our results show that the Chinese-specific adversarial pattern is a critical challenge for lightweight LLMs. This benchmark offers a comprehensive evaluation of LLM safety in Chinese, assisting robust deployments in practice.
title CSSBench: Evaluating the Safety of Lightweight LLMs against Chinese-Specific Adversarial Patterns
topic Computation and Language
url https://arxiv.org/abs/2601.00588