ddidacus/harmeval-gcg-llama3-1b

--- license: mit task_categories: - text-classification language: - en tags: - safety - jailbreak - gcg - adversarial - llm --- # harmeval-gcg-llama3-1b HarmEval ([SoftMINER-Group/HarmEval](https://huggingface.co/datasets/SoftMINER-Group/HarmEval)) augmented with adversarial suffixes generated via the **Greedy Coordinate Gradient (GCG)** attack method, optimized specifically against **Llama-3.2-1B-Instruct**. Each harmful prompt is paired with a GCG-optimized adversarial suffix that, when appended to the original question, maximizes the probability of the model producing a target harmful response. ## Columns | Column | Description | |---|---| | `question` | Original harmful prompt from HarmEval | | `target` | Target response prefix used during GCG optimization (e.g. `"Sure, here is the answer:"`) | | `attack` | Raw GCG adversarial suffix (gibberish token sequence) | | `adv_prompt` | Full adversarial prompt: `question + attack` (ready to use as model input) | | `best_loss` | Cross-entropy loss of the target at the end of optimization (lower = stronger attack) | ## Statistics - **550 rows** (one per HarmEval question) - Suffix search run for a fixed budget of GCG steps targeting Llama-3.2-1B-Instruct ## Intended use Evaluating the robustness of safety classifiers (e.g. linear probes, GLP diffusion models) against GCG-style adversarial inputs at the activation level.