Safety Assessment of Chinese Large Language Models

February 9, 2026

What are the risks from AI? 

This week we spotlight the 27th framework of risks from AI included in the AI Risk Repository: Sun, H., Zhang, Z., Deng, J., Cheng, J., & Huang, M. (2023). Safety Assessment of Chinese Large Language Models. In arXiv [cs.CL]. arXiv. http://arxiv.org/abs/2304.10436

Paper focus

This paper provides a safety assessment framework for Chinese large language models (LLMs), which features a safety taxonomy accompanied by a safety prompt library and safety assessment method for model training and evaluation.

Included risk categories

This paper presents a safety taxonomy for LLMs consisting of 8 types of safety scenarios and 6 types of instruction attacks.

1. Safety scenarios: domains where a model may generate harmful or inappropriate content

  • Insult: unfriendly or disrespectful content
  • Unfairness and discrimination: unfair or discriminatory content, based on race, gender, religion, or appearance
  • Crimes and illegal activities: content that incites crime, fraud, or rumor propagation
  • Sensitive topics: biased, misleading, or inaccurate content relating to sensitive and controversial topics
  • Physical harm: unsafe information leading to physical harm
  • Mental health: content that promotes suicide or mental health harm
  • Privacy and property: exposure of users’ privacy or high-impact financial and personal advice
  • Ethics and morality: content that violates ethical principles and globally-acknowledged human values

2. Instruction attacks: adversarial attacks where a model could be misused to create harm

  • Goal hijacking: appending deceptive instructions to model input so that the model ignores the original prompt and produces an unsafe response
  • Prompt leaking: extracting parts of the system’s prompts to obtain sensitive information about the system
  • Role play instruction: assigning a specific role to the model to induce it to produce unsafe content 
  • Unsafe instruction topic: providing instructions that refer to inappropriate or harmful topics
  • Inquiry with unsafe opinion: embedding subtle, biased views within instructions to influence the model to create harmful content 
  • Reverse exposure: attempts to make the model reveal “should-not-do” content in order to access illegal or harmful information

Key features of the framework and associated paper

  • Focuses on LLMs in the Chinese language and trained on Chinese corpus, but notes that its safety assessment taxonomy could be scalable to other languages
  • Uses the safety assessment benchmark to assess 15 LLMs (OpenAI GPT series and Chinese LLMs such as ChatGLM and MiniChat) and provides a safety leaderboard to record their performance across the 14 dimensions of safety

⚠️Disclaimer: This summary highlights a paper included in the MIT AI Risk Repository. We did not author the paper and credit goes to Hao Sun, Zhexin Zhang, Jiawen Deng, Jiale Cheng, and Minlie Huang. For the full details, please refer to the original publication: https://arxiv.org/pdf/2304.10436.

Further engagement 

View all the frameworks included in the AI Risk Repository 

Sign-up for our project Newsletter

Featured blog content

December 4, 2025

Repository Update: December 2025

We’re pleased to share that Version 4 of the MIT AI Risk Repository is now live. This latest update reflects our ongoing commitment to maintaining a comprehensive, transparent, and up-to-date resource for understanding risks from artificial intelligence systems.

Project updates
April 23, 2025

AI Risk Repository Report updated (April 2025)

This blog post outlines the April 2025 update to the AI Risk Repository preprint, which adds 22 newly published frameworks, expands the dataset to 1,612 classified risks, and adds a new subdomain to the domain taxonomy (multi-agent risks). The AI Risk Repository is a living, systematic review and database of AI risk frameworks. The preprint provides an in-depth synthesis of risk classifications and presents two taxonomies—causal and domain-based—to support clearer understanding, auditing, and governance of AI risks.

Research
October 15, 2025

Mapping the AI Governance Landscape: Pilot Test and Update

We used large language models to classify over 950 AI governance documents from CSET’s AGORA archive into AI risk and mitigation categories. We compared model and human performance, refined prompts for accuracy, and used the results to pilot a scalable method for mapping the AI governance landscape.

Aligned projects
July 28, 2025

Mapping AI Risk Mitigations

We identified and extracted mitigations from documents that proposed AI risk mitigations into an AI Risk Mitigation Database. We used the mitigations to develop a draft AI Risk Mitigation Taxonomy.

Research
April 4, 2025

Explore the Frameworks Behind the AI Risk Repository

This post shares a public Google Slides deck containing all 65 frameworks included in Version 3 of the AI Risk Repository. It provides direct access to source documents, diagrams, and key excerpts to support transparency, research, and further analysis of AI risk classifications.

AI Risk Frameworks
August 29, 2025

Explore the Frameworks in the AI Risk Mitigation Database

This post shares a public Google Slides & PDF deck containing the 13 frameworks included in the draft AI Risk Mitigation Taxonomy. It provides direct access to source documents, diagrams, and key excerpts to support transparency, research, and further analysis of AI risk mitigation classifications.

Project updates
July 18, 2025

Incident Tracker - June 2025 Update

We made a major update to our tracker on 23 June 2025

Project updates
AI Risk Repository
RisksIncidents MitigationsGovernanceBlogTeam

© MIT FutureTech 2025
The MIT AI Risk Initiative is licensed under CC BY 4.0
MIT Accessibility