Salvato in:
Dettagli Bibliografici
Autori principali: Feng, Mingqian, Liu, Xiaodong, Yang, Weiwei, Xu, Chenliang, White, Christopher, Gao, Jianfeng
Natura: Preprint
Pubblicazione: 2026
Soggetti:
Accesso online:https://arxiv.org/abs/2601.22636
Tags: Aggiungi Tag
Nessun Tag, puoi essere il primo ad aggiungerne!!
_version_ 1866918326534406144
author Feng, Mingqian
Liu, Xiaodong
Yang, Weiwei
Xu, Chenliang
White, Christopher
Gao, Jianfeng
author_facet Feng, Mingqian
Liu, Xiaodong
Yang, Weiwei
Xu, Chenliang
White, Christopher
Gao, Jianfeng
contents Large Language Models (LLMs) are typically evaluated for safety under single-shot or low-budget adversarial prompting, which underestimates real-world risk. In practice, attackers can exploit large-scale parallel sampling to repeatedly probe a model until a harmful response is produced. While recent work shows that attack success increases with repeated sampling, principled methods for predicting large-scale adversarial risk remain limited. We propose a scaling-aware Best-of-N estimation of risk, SABER, for modeling jailbreak vulnerability under Best-of-N sampling. We model sample-level success probabilities using a Beta distribution, the conjugate prior of the Bernoulli distribution, and derive an analytic scaling law that enables reliable extrapolation of large-N attack success rates from small-budget measurements. Using only n=100 samples, our anchored estimator predicts ASR@1000 with a mean absolute error of 1.66, compared to 12.04 for the baseline, which is an 86.2% reduction in estimation error. Our results reveal heterogeneous risk scaling profiles and show that models appearing robust under standard evaluation can experience rapid nonlinear risk amplification under parallel adversarial pressure. This work provides a low-cost, scalable methodology for realistic LLM safety assessment. We will release our code and evaluation scripts upon publication to future research.
format Preprint
id arxiv_https___arxiv_org_abs_2601_22636
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle Statistical Estimation of Adversarial Risk in Large Language Models under Best-of-N Sampling
Feng, Mingqian
Liu, Xiaodong
Yang, Weiwei
Xu, Chenliang
White, Christopher
Gao, Jianfeng
Artificial Intelligence
Large Language Models (LLMs) are typically evaluated for safety under single-shot or low-budget adversarial prompting, which underestimates real-world risk. In practice, attackers can exploit large-scale parallel sampling to repeatedly probe a model until a harmful response is produced. While recent work shows that attack success increases with repeated sampling, principled methods for predicting large-scale adversarial risk remain limited. We propose a scaling-aware Best-of-N estimation of risk, SABER, for modeling jailbreak vulnerability under Best-of-N sampling. We model sample-level success probabilities using a Beta distribution, the conjugate prior of the Bernoulli distribution, and derive an analytic scaling law that enables reliable extrapolation of large-N attack success rates from small-budget measurements. Using only n=100 samples, our anchored estimator predicts ASR@1000 with a mean absolute error of 1.66, compared to 12.04 for the baseline, which is an 86.2% reduction in estimation error. Our results reveal heterogeneous risk scaling profiles and show that models appearing robust under standard evaluation can experience rapid nonlinear risk amplification under parallel adversarial pressure. This work provides a low-cost, scalable methodology for realistic LLM safety assessment. We will release our code and evaluation scripts upon publication to future research.
title Statistical Estimation of Adversarial Risk in Large Language Models under Best-of-N Sampling
topic Artificial Intelligence
url https://arxiv.org/abs/2601.22636