Quantifying LLM Safety Degradation Under Repeated Attacks Using Survival Analysis
Summary
A new evaluation framework, presented in "Quantifying LLM Safety Degradation Under Repeated Attacks Using Survival Analysis" at TrustNLP 2026, applies survival analysis to assess large language model (LLM) vulnerability to adversarial jailbreak attacks. This preliminary work addresses the limitations of binary success/failure metrics by modeling "time-to-jailbreak" as a survival outcome. The framework estimates hazard functions, survival curves, and risk factors associated with successful attacks. Researchers evaluated three LLMs using a subset of prompts from the HarmBench dataset across three attack categories. The analysis revealed distinct vulnerability profiles: one LLM experienced rapid safety degradation under iterative attacks, while the other two demonstrated consistent moderate vulnerability. This methodology offers actionable insights for developers and establishes survival analysis as a rigorous approach for LLM safety evaluation.
Key takeaway
For AI Security Engineers evaluating LLM robustness, you should adopt survival analysis to move beyond binary pass/fail metrics. This approach provides a nuanced understanding of how LLMs degrade under repeated adversarial pressure, allowing you to identify models with rapid vulnerability degradation or consistent moderate risks. Implement "time-to-jailbreak" as a core metric to inform more effective safety guardrail development and deployment strategies.
Key insights
Survival analysis offers a dynamic framework to quantify LLM safety degradation under persistent jailbreak attacks.
Principles
- LLM safety degrades over time.
- "Time-to-jailbreak" is a key metric.
- Vulnerability profiles vary by model.
Method
The framework models "time-to-jailbreak" using survival analysis, enabling estimation of hazard functions, survival curves, and risk factors. It evaluates LLMs against iterative adversarial prompts from datasets like HarmBench.
In practice
- Track "time-to-jailbreak" for LLMs.
- Compare model degradation rates.
- Identify attack risk factors.
Topics
- LLM Safety
- Jailbreak Attacks
- Survival Analysis
- Adversarial Robustness
- HarmBench Dataset
- Model Evaluation
Best for: Research Scientist, CTO, VP of Engineering/Data, AI Scientist, Machine Learning Engineer, AI Security Engineer
Related on AIssential
Editorial summary, takeaway, and curation by AIssential. Original article published by Paper Index on ACL Anthology.