Overview
Production Readiness
0.7
Novelty Score
0.5
Cost Impact Score
0.7
Citation Count
18
Why It Matters For Business
SafetyBench offers a fast, low-cost way to detect safety weaknesses across many categories and languages, helping teams find generation risks before user exposure.
Summary TLDR
SafetyBench is a bilingual (Chinese/English) multiple-choice benchmark with 11,435 questions across 7 safety categories (offensiveness, bias, physical health, mental health, illegal activities, ethics, privacy). The format enables low-cost automated scoring. The authors evaluated 25 LLMs: GPT-4 leads (≈89% avg accuracy), many open models score well below 80%, and SafetyBench scores strongly correlate with safe generation (Pearson 0.99 constrained, 0.91 open-ended on sampled queries). The dataset, guidelines, and a leaderboard are released and include human validation and translation steps. The authors note translation noise, augmentation bias from ChatGPT, and API filtering for Chinese APIs.
Problem Statement
There is no single comprehensive, low-cost benchmark to measure many safety dimensions of LLMs across languages. Existing datasets target individual safety facets or single languages and either require costly manual labeling or weak automatic checks, slowing iterations on model safety.
Main Contribution
A bilingual multiple-choice safety benchmark (SafetyBench) with 11,435 human-verified questions spanning 7 safety categories.
An extensive evaluation of 25 popular LLMs in zero-shot and few-shot settings, showing gaps in safety understanding and generation.
Public release of data, evaluation guidelines, and a live leaderboard to facilitate continuous, low-cost safety testing.
Key Findings
SafetyBench size and coverage
GPT-4 leads other models on SafetyBench
Safety understanding correlates with safe generation
Most evaluated models have room to improve
Data augmentation with ChatGPT can bias examples
Results
Accuracy
Accuracy
Accuracy
Accuracy
Who Should Care
What To Try In 7 Days
Run SafetyBench on your model to get a quick safety baseline across 7 categories.
Prioritize fixes in categories where your model scores worst (e.g., bias or privacy).
Sample multiple-choice failures and check corresponding generated answers to reproduce real-world risky outputs.
Reproducibility
Code Available
Data Available
Open Source Status
- yes
Risks & Boundaries
Limitations
- Possible missing safety domains (e.g., political content) and cultural divergences across languages.
- Translation step can introduce noise and occasional label drift between Chinese and English.
- Using ChatGPT for augmentation introduces modest bias favoring ChatGPT-like models on augmented subsets.
When Not To Use
- For adversarial red-teaming that targets jailbreaks and prompt injections, use specialized red-team suites instead.
- For legal or jurisdiction-specific political safety assessments that require region-exact answers.
- As the sole evaluation for open-ended dialogue safety — complement with generation-based tests.
Failure Modes
- Translation errors cause wrong or ambiguous options and must be manually checked.
- Augmented examples can favor the model used for augmentation and skew per-category difficulty.
- API-based models with strict filters may refuse answers, so filtered subsets change comparability.
Core Entities
Models
- GPT-4
- gpt-3.5-turbo
- text-davinci-003
- ChatGLM2
- ChatGLM2-lite
- internlm-chat-7B-v1.1
- Baichuan2-chat-13B
- Qwen-chat-7B
- Llama2-chat-13B
- Vicuna-33B
- Baichuan-chat-13B
Metrics
- Accuracy
- Pearson correlation
Datasets
- SafetyBench
- COLD
- CDial-Bias
- RedditBias
- Jigsaw Toxicity Severity
- SafeText
- Scruples
- MIC
- Moral Stories
- Ethics
Benchmarks
- MMLU
- AGIEval