Saved in:
Bibliographic Details
Main Authors: Alanova, Shirin, Minko, Bogdan, Sadiekh, Sabrina, Kokuykin, Evgeniy
Format: Preprint
Published: 2026
Subjects:
Online Access:https://arxiv.org/abs/2604.25716
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866910174469423104
author Alanova, Shirin
Minko, Bogdan
Sadiekh, Sabrina
Kokuykin, Evgeniy
author_facet Alanova, Shirin
Minko, Bogdan
Sadiekh, Sabrina
Kokuykin, Evgeniy
contents Safety mechanisms for large language models (LLMs) remain predominantly English-centric, creating systematic vulnerabilities in multilingual deployment. Prior work shows that translating malicious prompts into other languages can substantially increase jailbreak success rates, exposing a structural cross-lingual security gap. We investigate whether such attacks can be mitigated through language-agnostic semantic similarity without retraining or language-specific adaptation. Our approach compares multilingual query embeddings against a fixed English codebook of jailbreak prompts, operating as a training-free external guardrail for black-box LLMs. We conduct a systematic evaluation across four languages, two translation pipelines, four safety benchmarks, three embedding models, and three target LLMs (Qwen, Llama, GPT-3.5). Our results reveal two distinct regimes of cross-lingual transfer. On curated benchmarks containing canonical jailbreak templates, semantic similarity generalizes reliably across languages, achieving near-perfect separability (AUC up to 0.99) and substantial reductions in absolute attack success rates under strict low-false-positive constraints. However, under distribution shift - on behaviorally diverse and heterogeneous unsafe benchmarks - separability degrades markedly (AUC $\approx$ 0.60-0.70), and recall in the security-critical low-FPR regime drops across all embedding models.
format Preprint
id arxiv_https___arxiv_org_abs_2604_25716
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle Cross-Lingual Jailbreak Detection via Semantic Codebooks
Alanova, Shirin
Minko, Bogdan
Sadiekh, Sabrina
Kokuykin, Evgeniy
Computation and Language
Artificial Intelligence
Safety mechanisms for large language models (LLMs) remain predominantly English-centric, creating systematic vulnerabilities in multilingual deployment. Prior work shows that translating malicious prompts into other languages can substantially increase jailbreak success rates, exposing a structural cross-lingual security gap. We investigate whether such attacks can be mitigated through language-agnostic semantic similarity without retraining or language-specific adaptation. Our approach compares multilingual query embeddings against a fixed English codebook of jailbreak prompts, operating as a training-free external guardrail for black-box LLMs. We conduct a systematic evaluation across four languages, two translation pipelines, four safety benchmarks, three embedding models, and three target LLMs (Qwen, Llama, GPT-3.5). Our results reveal two distinct regimes of cross-lingual transfer. On curated benchmarks containing canonical jailbreak templates, semantic similarity generalizes reliably across languages, achieving near-perfect separability (AUC up to 0.99) and substantial reductions in absolute attack success rates under strict low-false-positive constraints. However, under distribution shift - on behaviorally diverse and heterogeneous unsafe benchmarks - separability degrades markedly (AUC $\approx$ 0.60-0.70), and recall in the security-critical low-FPR regime drops across all embedding models.
title Cross-Lingual Jailbreak Detection via Semantic Codebooks
topic Computation and Language
Artificial Intelligence
url https://arxiv.org/abs/2604.25716