Multilingual safety is a massive blind spot in LLM development
What I find most interesting—and a bit concerning from a developer standpoint—is their mechanistic analysis. They found that these low-resource jailbreaks aren't necessarily "breaking" the model's refusal logic; instead, the harmful content is being routed through a geometrically misaligned subspace. Basically, the refusal mechanism is sitting there, perfectly intact and ready to work, but the input vector doesn't project onto the "refusal direction" enough to trigger it (it's like a security guard who is awake but doesn't recognize the intruder because they're wearing a slightly different uniform). There is this massive safety regime transition between medium and low-resource tiers that happens across almost all models, which suggests our current alignment methods are just fundamentally incapable of generalizing across different linguistic structures. If you're only evaluating your model's safety in English, you're essentially looking at a tiny, skewed slice of its actual vulnerability profile.
https://github.com/Brentkong/Minionese-Comprehensive-Benchmark-and-Mechanistic-Study-of-Multilingual-LLM-Safety.git