English

Code-Switching Red-Teaming: LLM Evaluation for Safety and Multilingual Understanding

Artificial Intelligence 2025-06-12 v3 Computation and Language

Abstract

As large language models (LLMs) have advanced rapidly, concerns regarding their safety have become prominent. In this paper, we discover that code-switching in red-teaming queries can effectively elicit undesirable behaviors of LLMs, which are common practices in natural language. We introduce a simple yet effective framework, CSRT, to synthesize codeswitching red-teaming queries and investigate the safety and multilingual understanding of LLMs comprehensively. Through extensive experiments with ten state-of-the-art LLMs and code-switching queries combining up to 10 languages, we demonstrate that the CSRT significantly outperforms existing multilingual red-teaming techniques, achieving 46.7% more attacks than standard attacks in English and being effective in conventional safety domains. We also examine the multilingual ability of those LLMs to generate and understand codeswitching texts. Additionally, we validate the extensibility of the CSRT by generating codeswitching attack prompts with monolingual data. We finally conduct detailed ablation studies exploring code-switching and propound unintended correlation between resource availability of languages and safety alignment in existing multilingual LLMs.

Keywords

Cite

@article{arxiv.2406.15481,
  title  = {Code-Switching Red-Teaming: LLM Evaluation for Safety and Multilingual Understanding},
  author = {Haneul Yoo and Yongjin Yang and Hwaran Lee},
  journal= {arXiv preprint arXiv:2406.15481},
  year   = {2025}
}

Comments

To appear in ACL 2025

R2 v1 2026-06-28T17:15:20.179Z