SafeProtein: Red-Teaming Framework and Benchmark for Protein Foundation Models
Jigang Fan 1,2,3, Zhenghong Zhou 3, Ruofan Jin 3,4,5, Le Cong 2, Mengdi Wang 3,5, Zaixi Zhang 3
Published on arXiv: 2509.03487
Prompt Injection
OWASP LLM Top 10 — LLM01
Key Finding
Achieves up to 70% attack success rate jailbreaking ESM3 despite its explicit safety safeguards, demonstrating that protein foundation models can be systematically manipulated to recover harmful viral and toxin protein sequences
Novel technique introduced: SafeProtein
Proteins play crucial roles in almost all biological processes. The advancement of deep learning has greatly accelerated the development of protein foundation models, leading to significant successes in protein understanding and design. However, the lack of systematic red-teaming for these models has raised serious concerns about their potential misuse, such as generating proteins with biological safety risks. This paper introduces SafeProtein, which is, to the best of our knowledge, the first red-teaming framework designed for protein foundation models. SafeProtein combines multimodal prompt engineering and heuristic beam search to systematically design red-teaming methods and conduct tests on protein foundation models. We also curated SafeProtein-Bench, which includes a manually constructed red-teaming benchmark dataset and a comprehensive evaluation protocol. SafeProtein achieved continuous jailbreaks on state-of-the-art protein foundation models (up to 70% attack success rate for ESM3), revealing potential biological safety risks in current protein foundation models and providing insights for the development of robust security protection technologies for frontier models. The code will be made publicly available at https://github.com/jigang-fan/SafeProtein.
Key Contributions
- SafeProtein: first red-teaming methodology for protein foundation models combining multimodal (sequence + structure) prompt engineering with heuristic beam search, achieving up to 70% jailbreak success rate on ESM3
- SafeProtein-Bench: first protein red-teaming benchmark with 429 curated harmful proteins (viruses, toxins) and a dual-criteria evaluation protocol assessing both sequence and structural similarity
- Empirically reveals that state-of-the-art protein foundation models with explicit safety filters remain vulnerable to systematic jailbreaking, highlighting the need for stronger alignment and filtering pipelines