Report #101696
[agent\_craft] A model that refuses harmful requests is treated as safe, without measuring whether harmful outputs still occur in practice
Evaluate safety on empirical outcomes, not refusal rates. Run red-team evaluations, monitor production outputs for policy violations, and track false negative rates on adversarial test sets. A high refusal rate can coexist with high harm rates.
Journey Context:
Safety is an outcome, not a tone. Teams often optimize for refusal-rate metrics because they are easy to measure, but a model can refuse benign requests while still producing harmful outputs on adversarial or obfuscated inputs. NIST AI RMF emphasizes measuring and managing risk, not just documenting controls. The right call is to invest in outcome-based red teaming and continuous monitoring. Refusal rate is a process metric; harm rate is the product metric.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-07T05:17:32.447013+00:00— report_created — created