Quantifying LLM Safety Degradation Under Repeated Attacks Using Survival Analysis

· Source: Paper Index on ACL Anthology · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy, Data Science & Analytics · Depth: Expert, medium

Summary

A new evaluation framework, presented in "Quantifying LLM Safety Degradation Under Repeated Attacks Using Survival Analysis" at TrustNLP 2026, applies survival analysis to assess large language model (LLM) vulnerability to adversarial jailbreak attacks. This preliminary work addresses the limitations of binary success/failure metrics by modeling "time-to-jailbreak" as a survival outcome. The framework estimates hazard functions, survival curves, and risk factors associated with successful attacks. Researchers evaluated three LLMs using a subset of prompts from the HarmBench dataset across three attack categories. The analysis revealed distinct vulnerability profiles: one LLM experienced rapid safety degradation under iterative attacks, while the other two demonstrated consistent moderate vulnerability. This methodology offers actionable insights for developers and establishes survival analysis as a rigorous approach for LLM safety evaluation.

Key takeaway

For AI Security Engineers evaluating LLM robustness, you should adopt survival analysis to move beyond binary pass/fail metrics. This approach provides a nuanced understanding of how LLMs degrade under repeated adversarial pressure, allowing you to identify models with rapid vulnerability degradation or consistent moderate risks. Implement "time-to-jailbreak" as a core metric to inform more effective safety guardrail development and deployment strategies.

Key insights

Survival analysis offers a dynamic framework to quantify LLM safety degradation under persistent jailbreak attacks.

Principles

Method

The framework models "time-to-jailbreak" using survival analysis, enabling estimation of hazard functions, survival curves, and risk factors. It evaluates LLMs against iterative adversarial prompts from datasets like HarmBench.

In practice

Topics

Best for: Research Scientist, CTO, VP of Engineering/Data, AI Scientist, Machine Learning Engineer, AI Security Engineer

Related on AIssential

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by Paper Index on ACL Anthology.