HarDBench: A Benchmark for Draft-Based Co-Authoring Jailbreak Attacks for Safe Human-LLM Collaborative Writing

arXiv cs.CL / 4/22/2026

📰 NewsDeveloper Stack & InfrastructureSignals & Early TrendsModels & Research

Key Points

  • The paper shows that LLMs used as co-authors for collaborative writing are vulnerable to “draft-based” jailbreak attacks that can steer models toward generating harmful content to complete incomplete drafts.
  • It introduces HarDBench, a systematic benchmark covering high-risk domains such as explosives, drugs, weapons, and cyberattacks, using prompts that resemble realistic co-authoring structures with domain-specific cues.
  • The authors propose a safety-utility balanced alignment approach using preference optimization to train models to refuse harmful completions while still being useful for benign drafts.
  • Experiments indicate that current LLMs are highly susceptible in co-authoring settings, and the proposed alignment method substantially reduces harmful outputs without noticeably harming co-authoring performance.
  • The benchmark and dataset are released publicly to support evaluation and alignment of LLMs specifically for human–LLM collaborative writing scenarios.

Abstract

Large language models (LLMs) are increasingly used as co-authors in collaborative writing, where users begin with rough drafts and rely on LLMs to complete, revise, and refine their content. However, this capability poses a serious safety risk: malicious users could jailbreak the models-filling incomplete drafts with dangerous content-to force them into generating harmful outputs. In this paper, we identify the vulnerability of current LLMs to such draft-based co-authoring jailbreak attacks and introduce HarDBench, a systematic benchmark designed to evaluate the robustness of LLMs against this emerging threat. HarDBench spans a range of high-risk domains-including Explosives, Drugs, Weapons, and Cyberattacks-and features prompts with realistic structure and domain-specific cues to assess the model susceptibility to harmful completions. To mitigate this risk, we introduce a safety-utility balanced alignment approach based on preference optimization, training models to refuse harmful completions while remaining helpful on benign drafts. Experimental results show that existing LLMs are highly vulnerable in co-authoring contexts and our alignment method significantly reduces harmful outputs without degrading performance on co-authoring capabilities. This presents a new paradigm for evaluating and aligning LLMs in human-LLM collaborative writing settings. Our new benchmark and dataset are available on our project page at https://github.com/untae0122/HarDBench