Risk Under Pressure: Compute-Aware Evaluation of Adversarial Robustness in Language Models

Fixed-budget attack success rate (ASR) comparisons ignore that different jailbreak strategies can differ by orders of magnitude in compute cost. This framework replaces query-count budgets with cumulative FLOPs as the adversarial effort metric, producing risk-compute curves that show how attack success probability scales with actual computational expenditure. The two derived summary metrics let practitioners assess whether a defense raises the cost-to-success ratio meaningfully rather than just deflecting low-effort attacks.