Saved in:
Bibliographic Details
Main Authors: Kang, Jingyi, Lu, Junyu, Xu, Bo, Wang, Hongbo, zong, Linlin, Lee, Roy Ka-Wei, Lin, Hongfei
Format: Preprint
Published: 2026
Subjects:
Online Access:https://arxiv.org/abs/2605.22258
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866910245624741888
author Kang, Jingyi
Lu, Junyu
Xu, Bo
Wang, Hongbo
zong, Linlin
Lee, Roy Ka-Wei
Lin, Hongfei
author_facet Kang, Jingyi
Lu, Junyu
Xu, Bo
Wang, Hongbo
zong, Linlin
Lee, Roy Ka-Wei
Lin, Hongfei
contents Large language models (LLMs) require robust toxicity evaluation beyond explicit wording. This setting remains underexplored in Chinese, where toxicity may combine semantic indirectness with surface obfuscation. We introduce Chinese Implicit Toxicity Attack (CITA), a controlled red-team evaluation and defense-data generation framework, not a deployable evasion tool. CITA uses three stages: (i) Harmful Intent Learning, (ii) Implicit Toxicity Enhancement, and (iii) Obfuscation Variant Rewriting, to preserve harmful intent, increase implicitness, and add controlled surface variants. On CITA-generated evaluation samples, the seven tested detectors exhibit substantial missed-detection risks, reaching an average ASR of 69.48%; human evaluation further confirms preserved harmfulness and increased implicitness/evasiveness. As a downstream defense application, we fine-tune a Chinese Implicit Toxicity Defense model (CITD) with CITA-generated red-team data, showing that such data can improve robustness through additional training.
format Preprint
id arxiv_https___arxiv_org_abs_2605_22258
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle Harder to Defend: Towards Chinese Toxicity Attacks via Implicit Enhancement and Obfuscation Rewriting
Kang, Jingyi
Lu, Junyu
Xu, Bo
Wang, Hongbo
zong, Linlin
Lee, Roy Ka-Wei
Lin, Hongfei
Computation and Language
Large language models (LLMs) require robust toxicity evaluation beyond explicit wording. This setting remains underexplored in Chinese, where toxicity may combine semantic indirectness with surface obfuscation. We introduce Chinese Implicit Toxicity Attack (CITA), a controlled red-team evaluation and defense-data generation framework, not a deployable evasion tool. CITA uses three stages: (i) Harmful Intent Learning, (ii) Implicit Toxicity Enhancement, and (iii) Obfuscation Variant Rewriting, to preserve harmful intent, increase implicitness, and add controlled surface variants. On CITA-generated evaluation samples, the seven tested detectors exhibit substantial missed-detection risks, reaching an average ASR of 69.48%; human evaluation further confirms preserved harmfulness and increased implicitness/evasiveness. As a downstream defense application, we fine-tune a Chinese Implicit Toxicity Defense model (CITD) with CITA-generated red-team data, showing that such data can improve robustness through additional training.
title Harder to Defend: Towards Chinese Toxicity Attacks via Implicit Enhancement and Obfuscation Rewriting
topic Computation and Language
url https://arxiv.org/abs/2605.22258