AI red team engineer machine learning interview questions

As asked

How would you build and maintain an evaluation set for jailbreak resistance in a customer-facing AI assistant?

Sample answer outline

Separate broad coverage from high-signal regressions: one set should cover known jailbreak families, while another should contain failures your product has actually seen. Label expected behaviour precisely, because vague labels make eval scores meaningless. Include multi-turn attacks, role-play, encoding tricks, tool-use attempts, and benign prompts that look suspicious so the system does not become over-refusing. Strong answers mention versioning, holdout sets, scorer calibration, and review by policy or legal stakeholders when categories are sensitive. A weak answer treats jailbreak resistance as one static prompt list.

Expect these follow-ups

• How do you prevent overfitting to the public jailbreak set?
• What metric would you report to executives?
• How do you handle prompts where reviewers disagree on the correct response?

As asked

Your model scores unusually well on a public benchmark. How would you investigate possible data contamination?

Sample answer outline

First check whether benchmark examples, paraphrases, or answer keys appear in pretraining, fine-tuning, retrieval corpora, or synthetic data generation prompts. Use exact matching, fuzzy matching, embedding similarity, and n-gram overlap because contamination is often transformed rather than copied. A strong answer distinguishes accidental exposure from memorisation and from legitimate generalisation. The candidate should propose a clean holdout or newly authored evaluation to validate the result. Interviewers want to hear that high scores are treated as a debugging signal, not only as good news.

Expect these follow-ups

• How do you handle contamination discovered after a paper is submitted?
• What if you cannot inspect the full pretraining corpus?
• How would you design a benchmark that ages better against contamination?

As asked

A team wants to ship an image generation feature for ecommerce product mockups. How would you evaluate the model before launch?

Sample answer outline

Define product-specific success criteria: prompt adherence, visual quality, brand safety, text rendering, object consistency, diversity, and editability. Use automated metrics only as weak signals, because FID-style metrics do not capture whether a generated product mockup is usable. Build human review rubrics and compare against realistic baselines such as stock imagery, templates, or a previous model. Strong answers include safety filters for protected brands, misleading product claims, and generated text in images. The trap is evaluating only aesthetic quality and missing commercial usability.

Expect these follow-ups

• How would you test consistency across a set of related product images?
• What categories should be blocked before launch?
• How would you measure whether users prefer the generated mockups?