Adversarial Pragmatics for AI Safety Evaluation: A Benchmark for Instruction Conflict, Embedded Commands, and Policy Ambiguity

arXiv:2607.01153v1 Announce Type: new Abstract: Safety evaluations for language models increasingly depend on judgments about ambiguous natural-language behaviour: whether a model has followed an instruction, refused appropriately, complied with a policy, resisted an embedded command, or misreported progress in an agentic task. Existing benchmarks often compress these distinctions into pass/fail labels, obscuring whether failures arise from capability limits, policy ambiguity, instruction conflict, scaffold failure, or unstable evaluator judgments. This paper introduces adversarial pragmatics
The increasing sophistication and widespread deployment of large language models necessitates more robust and nuanced safety evaluation methods that go beyond simple pass/fail metrics.
A strategic reader should care because improving AI safety evaluation is critical for responsible AI development, deployment, and avoiding catastrophic failures, especially as AI systems become more autonomous.
The introduction of 'adversarial pragmatics' shifts the focus of AI safety evaluation towards more complex and ambiguous natural-language interactions, moving beyond simplified binaries.
- · AI Safety Researchers
- · AI Ethics Organizations
- · Developers of foundational models
- · Regulators
- · Developers of unsafe AI
- · AI systems with poor instruction following
- · Simplistic AI evaluation benchmarks
Language models will be subjected to more rigorous and realistic safety evaluations based on nuanced linguistic understanding.
Improved evaluation methods will lead to the development of more robust and trustworthy AI systems capable of handling complex human instructions and policies.
Higher safety standards could slow down the rapid deployment of certain AI applications but ultimately foster greater public trust and broader adoption of AI in sensitive domains.
This signal links to a primary source. Continuum Brief monitors and indexes it as part of the live intelligence stream — we do not republish source content.
Read at arXiv cs.CL