arXiv: Talk is (Not) Cheap: A Taxonomy and Benchmark Coverage Audit for LLM Attacks

This publication, a pre-print from arXiv dated May 14, 2026, introduces a new taxonomy and benchmark coverage audit for attacks on large language models (LLMs). It systematically categorises the types of adversarial inputs that can cause LLMs to produce harmful, biased, or non-compliant outputs, and then evaluates how well existing safety benchmarks cover these attack vectors. The core finding is that current testing frameworks significantly under-represent many real-world attack categories, meaning organisations relying solely on standard safety benchmarks may have a false sense of security.

The primary affected groups are any organisations deploying or integrating LLMs into customer-facing or regulated processes, particularly in finance, healthcare, legal services, and public administration. Under the EU AI Act, these entities are classified as providers or deployers of high-risk AI systems and must demonstrate robust risk management and testing. The audit reveals gaps in current red-teaming and evaluation practices that could lead to non-compliance with requirements for accuracy, robustness, and transparency.

Compliance teams should immediately review their current LLM safety testing protocols against the taxonomy presented in this paper. They should identify which attack categories are not covered by their existing benchmarks and update their testing suites accordingly. It is also prudent to document this gap analysis as part of the technical documentation required under the AI Act, and to schedule a re-evaluation of third-party model providers to ensure their safety claims align with this more comprehensive attack coverage.