AI 비교하기AI 사용하기AI 최신정보AI 커뮤니티
Our VisionTermsPrivacyFAQContact

Language Choice Can Circumvent AI Safety Guardrails

Language Choice Can Circumvent AI Safety Guardrails

Forbes
Monday, July 13, 2026
  • •AI models show degraded safety guardrails when users submit prompts in less common natural languages.
  • •Hackers exploit English-dominant training data by using obscure languages or code-switching to bypass AI safety nets.
  • •Researchers evaluated 61 model configurations across 10 languages, identifying systemic causes for multilingual safety gaps.
  • •AI models show degraded safety guardrails when users submit prompts in less common natural languages.
  • •Hackers exploit English-dominant training data by using obscure languages or code-switching to bypass AI safety nets.
  • •Researchers evaluated 61 model configurations across 10 languages, identifying systemic causes for multilingual safety gaps.

Generative AI models face significant vulnerability to "jailbreaking" (attempts to bypass security protocols) when users submit prompts in less common natural languages rather than English. This security gap exists because major LLMs are predominantly trained on vast English-language datasets, causing their safety mechanisms to be highly calibrated for English while remaining significantly less effective against deceptive inputs in obscure languages like Swahili, Bengali, or Javanese.

Malicious actors exploit this imbalance by crafting devious prompts in these less common languages, effectively avoiding the robust safety filters that would immediately flag identical content written in English. Hackers also employ "code-switching," a technique where prompts are mixed with English and a target obscure language to confuse the AI's detection layers. The model often fails to identify the combined intent as harmful, allowing the prompt to circumvent established safety precautions.

While some propose translating all incoming prompts into English to standardize safety checks, the method remains flawed due to translation inaccuracies, which can introduce false positives or negatives, potentially failing to trigger the necessary safety responses. Furthermore, restricting AI utility to English-only users is commercially unviable, as only approximately 15% to 20% of the global population uses English. AI developers instead face the challenge of enhancing multilingual safety to ensure guardrails function consistently across all languages.

Recent research highlighted in an article titled "Why Do Safety Guardrails Degrade Across Languages?" published on May 16, 2026, quantifies this issue by examining 61 model configurations across 10 languages and 1.9 million responses. The study, authored by researchers including Max Zhang, Ameen Patel, Sang Truong, and Sanmi Koyejo, identifies factors such as ability deficits and conceptual grounding mismatches as key drivers of multilingual safety degradation. The researchers introduced a Multi-Group Item Response Theory (IRT) framework to decouple safety factors, such as prompt-specific cross-lingual safety gaps and language-agnostic robustness. As AI developers increasingly prioritize training models to recognize harmful patterns in low-resource languages, the effectiveness of language-switching as a deceptive tactic is expected to diminish over time.

Generative AI models face significant vulnerability to "jailbreaking" (attempts to bypass security protocols) when users submit prompts in less common natural languages rather than English. This security gap exists because major LLMs are predominantly trained on vast English-language datasets, causing their safety mechanisms to be highly calibrated for English while remaining significantly less effective against deceptive inputs in obscure languages like Swahili, Bengali, or Javanese.

Malicious actors exploit this imbalance by crafting devious prompts in these less common languages, effectively avoiding the robust safety filters that would immediately flag identical content written in English. Hackers also employ "code-switching," a technique where prompts are mixed with English and a target obscure language to confuse the AI's detection layers. The model often fails to identify the combined intent as harmful, allowing the prompt to circumvent established safety precautions.

While some propose translating all incoming prompts into English to standardize safety checks, the method remains flawed due to translation inaccuracies, which can introduce false positives or negatives, potentially failing to trigger the necessary safety responses. Furthermore, restricting AI utility to English-only users is commercially unviable, as only approximately 15% to 20% of the global population uses English. AI developers instead face the challenge of enhancing multilingual safety to ensure guardrails function consistently across all languages.

Recent research highlighted in an article titled "Why Do Safety Guardrails Degrade Across Languages?" published on May 16, 2026, quantifies this issue by examining 61 model configurations across 10 languages and 1.9 million responses. The study, authored by researchers including Max Zhang, Ameen Patel, Sang Truong, and Sanmi Koyejo, identifies factors such as ability deficits and conceptual grounding mismatches as key drivers of multilingual safety degradation. The researchers introduced a Multi-Group Item Response Theory (IRT) framework to decouple safety factors, such as prompt-specific cross-lingual safety gaps and language-agnostic robustness. As AI developers increasingly prioritize training models to recognize harmful patterns in low-resource languages, the effectiveness of language-switching as a deceptive tactic is expected to diminish over time.

Read original (English)·Jul 12, 2026
#jailbreaking#llm#multilingual safety#prompt injection#cybersecurity#low resource languages