English

Benchmarking Misuse Mitigation Against Covert Adversaries

Cryptography and Security 2026-04-22 v2 Artificial Intelligence

Abstract

Existing language model safety evaluations focus on overt attacks and low-stakes tasks. In reality, an attacker can easily subvert existing safeguards by requesting help on small, benign-seeming tasks across many independent queries. Because the individual queries do not appear harmful, the attack is hard to detect. However, when combined, these fragments uplift misuse by helping the attacker complete hard and dangerous tasks. Toward identifying defenses against such strategies, we develop Benchmarks for Stateful Defenses (BSD), a data generation pipeline that automates evaluations of covert attacks and corresponding defenses. Using this pipeline, we curate two new datasets that are consistently refused by frontier models and are too difficult for weaker open-weight models. This enables us to evaluate decomposition attacks, which are found to be effective misuse enablers, and to highlight stateful defenses as a promising countermeasure.

Keywords

Cite

@article{arxiv.2506.06414,
  title  = {Benchmarking Misuse Mitigation Against Covert Adversaries},
  author = {Davis Brown and Mahdi Sabbaghi and Luze Sun and Alexander Robey and George J. Pappas and Eric Wong and Hamed Hassani},
  journal= {arXiv preprint arXiv:2506.06414},
  year   = {2026}
}
R2 v1 2026-07-01T03:04:13.199Z