An Adversarial Toxicity Prompt Generator Exploiting Multilingual Code-Switching in LLMs

Vinit Sudhir Wadgaonkar; Nalini Ratha

doi:10.1109/CAI64502.2025.00156

An Adversarial Toxicity Prompt Generator Exploiting Multilingual Code-Switching in LLMs

Vinit Sudhir Wadgaonkar
, Nalini Ratha

Department of Computer Science and Engineering

SUNY Buffalo

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

The widespread adoption of Large Language Models (LLMs) has heightened concerns about their potential to generate toxic, biased, or harmful content. These risks are magnified in multilingual contexts involving code-switching, culturally nuanced slang, and adversarial prompt engineering, which often evade conventional moderation. Existing detection models struggle due to static datasets and limited adaptability to evolving linguistic patterns. To address these challenges, we propose two innovations: a Dynamic Multilingual Toxicity Dataset that extends PolygloToxicityPrompts using subject-predicate permutations and translation averaging; and a novel Adversarial Prompt Generation Framework based on Reinforcement Learning with Adversarial Feedback (RLAF), designed to elicit toxic responses from target LLMs via reward-driven refinement. Enhanced with BLOOM fine-tuning, Model-Agnostic Meta-Learning (MAML), and dynamic few-shot learning, our framework offers robust stress-testing under multilingual, adversarial conditions [15], [16], [20].

Original language	English
Title of host publication	Proceedings - 2025 IEEE Conference on Artificial Intelligence, CAI 2025
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	884-887
Number of pages	4
ISBN (Electronic)	9798331524005
DOIs	https://doi.org/10.1109/CAI64502.2025.00156
State	Published - 2025
Event	3rd IEEE Conference on Artificial Intelligence, CAI 2025 - Santa Clara, United States Duration: May 5 2025 → May 7 2025

Publication series

Name	Proceedings - 2025 IEEE Conference on Artificial Intelligence, CAI 2025

Conference

Conference	3rd IEEE Conference on Artificial Intelligence, CAI 2025
Country/Territory	United States
City	Santa Clara
Period	05/5/25 → 05/7/25

Keywords

adversarial prompt generation
BLOOM fine-tuning
code-switching
LLM safety
MAML
Multilingual toxicity detection
RLAF
stress-testing LLMs

Access to Document

10.1109/CAI64502.2025.00156

Cite this

Wadgaonkar, V. S., & Ratha, N. (2025). An Adversarial Toxicity Prompt Generator Exploiting Multilingual Code-Switching in LLMs. In Proceedings - 2025 IEEE Conference on Artificial Intelligence, CAI 2025 (pp. 884-887). (Proceedings - 2025 IEEE Conference on Artificial Intelligence, CAI 2025). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/CAI64502.2025.00156

@inproceedings{932180ace91d4d949d313801aad0c45e,

title = "An Adversarial Toxicity Prompt Generator Exploiting Multilingual Code-Switching in LLMs",

abstract = "The widespread adoption of Large Language Models (LLMs) has heightened concerns about their potential to generate toxic, biased, or harmful content. These risks are magnified in multilingual contexts involving code-switching, culturally nuanced slang, and adversarial prompt engineering, which often evade conventional moderation. Existing detection models struggle due to static datasets and limited adaptability to evolving linguistic patterns. To address these challenges, we propose two innovations: a Dynamic Multilingual Toxicity Dataset that extends PolygloToxicityPrompts using subject-predicate permutations and translation averaging; and a novel Adversarial Prompt Generation Framework based on Reinforcement Learning with Adversarial Feedback (RLAF), designed to elicit toxic responses from target LLMs via reward-driven refinement. Enhanced with BLOOM fine-tuning, Model-Agnostic Meta-Learning (MAML), and dynamic few-shot learning, our framework offers robust stress-testing under multilingual, adversarial conditions [15], [16], [20].",

keywords = "adversarial prompt generation, BLOOM fine-tuning, code-switching, LLM safety, MAML, Multilingual toxicity detection, RLAF, stress-testing LLMs",

author = "Wadgaonkar, \{Vinit Sudhir\} and Nalini Ratha",

note = "Publisher Copyright: {\textcopyright} 2025 IEEE.; 3rd IEEE Conference on Artificial Intelligence, CAI 2025 ; Conference date: 05-05-2025 Through 07-05-2025",

year = "2025",

doi = "10.1109/CAI64502.2025.00156",

language = "English",

series = "Proceedings - 2025 IEEE Conference on Artificial Intelligence, CAI 2025",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "884--887",

booktitle = "Proceedings - 2025 IEEE Conference on Artificial Intelligence, CAI 2025",

address = "United States",

}

Wadgaonkar, VS & Ratha, N 2025, An Adversarial Toxicity Prompt Generator Exploiting Multilingual Code-Switching in LLMs. in Proceedings - 2025 IEEE Conference on Artificial Intelligence, CAI 2025. Proceedings - 2025 IEEE Conference on Artificial Intelligence, CAI 2025, Institute of Electrical and Electronics Engineers Inc., pp. 884-887, 3rd IEEE Conference on Artificial Intelligence, CAI 2025, Santa Clara, United States, 05/5/25. https://doi.org/10.1109/CAI64502.2025.00156

An Adversarial Toxicity Prompt Generator Exploiting Multilingual Code-Switching in LLMs. / Wadgaonkar, Vinit Sudhir; Ratha, Nalini.
Proceedings - 2025 IEEE Conference on Artificial Intelligence, CAI 2025. Institute of Electrical and Electronics Engineers Inc., 2025. p. 884-887 (Proceedings - 2025 IEEE Conference on Artificial Intelligence, CAI 2025).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - An Adversarial Toxicity Prompt Generator Exploiting Multilingual Code-Switching in LLMs

AU - Wadgaonkar, Vinit Sudhir

AU - Ratha, Nalini

PY - 2025

Y1 - 2025

N2 - The widespread adoption of Large Language Models (LLMs) has heightened concerns about their potential to generate toxic, biased, or harmful content. These risks are magnified in multilingual contexts involving code-switching, culturally nuanced slang, and adversarial prompt engineering, which often evade conventional moderation. Existing detection models struggle due to static datasets and limited adaptability to evolving linguistic patterns. To address these challenges, we propose two innovations: a Dynamic Multilingual Toxicity Dataset that extends PolygloToxicityPrompts using subject-predicate permutations and translation averaging; and a novel Adversarial Prompt Generation Framework based on Reinforcement Learning with Adversarial Feedback (RLAF), designed to elicit toxic responses from target LLMs via reward-driven refinement. Enhanced with BLOOM fine-tuning, Model-Agnostic Meta-Learning (MAML), and dynamic few-shot learning, our framework offers robust stress-testing under multilingual, adversarial conditions [15], [16], [20].

AB - The widespread adoption of Large Language Models (LLMs) has heightened concerns about their potential to generate toxic, biased, or harmful content. These risks are magnified in multilingual contexts involving code-switching, culturally nuanced slang, and adversarial prompt engineering, which often evade conventional moderation. Existing detection models struggle due to static datasets and limited adaptability to evolving linguistic patterns. To address these challenges, we propose two innovations: a Dynamic Multilingual Toxicity Dataset that extends PolygloToxicityPrompts using subject-predicate permutations and translation averaging; and a novel Adversarial Prompt Generation Framework based on Reinforcement Learning with Adversarial Feedback (RLAF), designed to elicit toxic responses from target LLMs via reward-driven refinement. Enhanced with BLOOM fine-tuning, Model-Agnostic Meta-Learning (MAML), and dynamic few-shot learning, our framework offers robust stress-testing under multilingual, adversarial conditions [15], [16], [20].

KW - adversarial prompt generation

KW - BLOOM fine-tuning

KW - code-switching

KW - LLM safety

KW - MAML

KW - Multilingual toxicity detection

KW - RLAF

KW - stress-testing LLMs

UR - https://www.scopus.com/pages/publications/105011290887

U2 - 10.1109/CAI64502.2025.00156

DO - 10.1109/CAI64502.2025.00156

M3 - Conference contribution

AN - SCOPUS:105011290887

T3 - Proceedings - 2025 IEEE Conference on Artificial Intelligence, CAI 2025

SP - 884

EP - 887

BT - Proceedings - 2025 IEEE Conference on Artificial Intelligence, CAI 2025

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 3rd IEEE Conference on Artificial Intelligence, CAI 2025

Y2 - 5 May 2025 through 7 May 2025

ER -

An Adversarial Toxicity Prompt Generator Exploiting Multilingual Code-Switching in LLMs

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this