benchmark 2026

Swiss-Bench 003: Evaluating LLM Reliability and Adversarial Security for Swiss Regulatory Contexts

Fatih Uenal

University of Colorado Boulder

0 citations
α

Published on arXiv

2604.05872

Prompt Injection

OWASP LLM Top 10 — LLM01

Sensitive Information Disclosure

OWASP LLM Top 10 — LLM06

Key Finding

Self-graded reliability scores (73-94%) vastly exceed adversarial security scores (20-61%); PII extraction defense remains critically weak (14-42%) across all evaluated models

Swiss-Bench 003 (SBP-003)

Novel technique introduced

The deployment of large language models (LLMs) in Swiss financial and regulatory contexts demands empirical evidence of both production reliability and adversarial security, dimensions not jointly operationalized in existing Swiss-focused evaluation frameworks. This paper introduces Swiss-Bench 003 (SBP-003), extending the HAAS (Helvetic AI Assessment Score) from six to eight dimensions by adding D7 (Self-Graded Reliability Proxy) and D8 (Adversarial Security). I evaluate ten frontier models across 808 Swiss-specific items in four languages (German, French, Italian, English), comprising seven Swiss-adapted benchmarks (Swiss TruthfulQA, Swiss IFEval, Swiss SimpleQA, Swiss NIAH, Swiss PII-Scope, System Prompt Leakage, and Swiss German Comprehension) targeting FINMA Guidance 08/2024, the revised Federal Act on Data Protection (nDSG), and OWASP Top 10 for LLMs. Self-graded D7 scores (73-94%) exceed externally judged D8 security scores (20-61%) by a wide margin, though these dimensions use non-comparable scoring regimes. System prompt leakage resistance ranges from 24.8% to 88.2%, while PII extraction defense remains weak (14-42%) across all models. Qwen 3.5 Plus achieves the highest self-graded D7 score (94.4%), while GPT-oss 120B achieves the highest D8 score (60.7%) despite being the lowest-cost model evaluated. All evaluations are zero-shot under provider default settings; D7 is self-graded and does not constitute independently validated accuracy. I provide conceptual mapping tables relating benchmark dimensions to FINMA model validation requirements, nDSG data protection obligations, and OWASP LLM risk categories.

Key Contributions

  • First Swiss-specific benchmark combining production reliability (D7) and adversarial security (D8) evaluation across 808 items in 4 languages
  • Evaluation framework mapping to FINMA Guidance 08/2024, nDSG data protection law, and OWASP LLM Top 10
  • Empirical security findings: system prompt leakage resistance 24.8-88.2%, PII extraction defense 14-42% across 10 frontier models

🛡️ Threat Analysis

Details

Domains
nlp
Model Types
llm
Threat Tags
black_boxinference_time
Datasets
Swiss TruthfulQASwiss IFEvalSwiss SimpleQASwiss NIAHSwiss PII-ScopeSystem Prompt LeakageSwiss German Comprehension
Applications
financial advisorylegal complianceregulatory compliance
Read PDF arXiv

Similar Papers

benchmark

A Practical Framework for Evaluating Medical AI Security: Reproducible Assessment of Jailbreaking and Privacy Vulnerabilities Across Clinical Specialties

2025 0 cit.
100%
benchmark

ConVerse: Benchmarking Contextual Safety in Agent-to-Agent Conversations

2025 5 cit.
100%
benchmark

Evaluating Language Model Reasoning about Confidential Information

2025 0 cit.
100%
benchmark

Quantifying Return on Security Controls in LLM Systems

2025 0 cit.
100%
benchmark

Bits Leaked per Query: Information-Theoretic Bounds on Adversarial Attacks against LLMs

2025 0 cit.
100%
benchmark

A Comprehensive Evaluation of LLM Unlearning Robustness under Multi-Turn Interaction

2026 0 cit.
100%
benchmark

Automated Framework to Evaluate and Harden LLM System Instructions against Encoding Attacks

2026 0 cit.
100%
benchmark

In AI Sweet Harmony: Sociopragmatic Guardrail Bypasses and Evaluation-Awareness in OpenAI gpt-oss-20b

2025 0 cit.
92%