CivicGuard Africa: AI-Assisted Election Disinformation Triage and Multilingual Safety Benchmarking

kabuya josue tambwe

CivicGuard Africa is a civic AI safety tool and evaluation framework for African election disinformation risks. It helps users submit suspicious election-related content, generates a transparent deterministic triage report, supports simulated human/community review, monitors civic risk trends, and includes a Benchmark Lab for evaluating AI safety behavior across African languages and election contexts. The MVP does not automatically determine truth; it supports human verification by prioritising and structuring suspicious civic content. The project combines Monitoring & Tooling with Evaluation & Benchmarking and includes a working demo, GitHub repository, exportable benchmark data, screenshots, and a research report.

Reviewer's Comments

Reviewer's Comments

Arrow
Arrow
Arrow

One-line summary: A deployed Next.js web app (no backend, no live AI model) that lets users submit suspicious election content, runs keyword-based triage, and shows a multilingual "Benchmark Lab" spanning 5 African countries and 8 language and code-switched contexts. It's pitched as both a civic safety tool and an evaluation framework.

Constructive critique:

This picks a problem that genuinely matters and is under-served: AI safety failures in African election settings, especially across local languages and code-switched messaging where English-only safety assumptions fall apart. The framing is sharp, the harm taxonomy is sensible, the choice to prioritise and structure content for human review rather than auto-detect truth is the right safety posture, and getting a working demo deployed in a weekend counts for something.

The core problem is that the most valuable idea here was described but never run. A benchmark only earns the name once real model outputs pass through it. Hamel Husain and Shreya Shankar make this point well: evals are not a spec you write up front, they are what you learn from looking at real outputs and discovering the failure modes you couldn't have guessed. CivicGuard wrote the rubric and the dataset schema, then stopped before the step that produces knowledge. So there are no findings about how any model actually behaves, and right now it reads as a product shell with the research still ahead of it.

The triage engine is also worth challenging on safety grounds, not just on rigor. It's a fixed keyword and urgency list, and that is exactly the kind of static defense Sander Schulhoff argues does not hold up: anyone spreading disinformation will rephrase, code-switch, or swap terms, and a keyword list quietly fails the moment the wording moves off your list. That fragility is more concerning here than in a normal product, because the whole premise is multilingual and code-switched content.

Highest-leverage move: run the benchmark for real. Take two or three accessible models, push your prompt set through all 8 language and code-switch conditions, label the responses with the rubric you already wrote, and report where it breaks. A finding like "the model refuses the English prompt but complies with the isiZulu or Hausa-English version" is genuine, publishable safety work, and it would move both Impact and Execution up sharply. After that, do real error analysis on a sample of triage outputs against human labels and report precision and recall, so the risk scores mean something. The write-up would also land harder at half the length.

--

Track + flags:

On-topic (Global South AI safety, tools and evals, Africa region). No info hazard, no conflict of interest, no plagiarism signals, references check out. Clean.

This is an impactful idea that could make a real difference in combating disinformation and protecting civic integrity. It addresses important concerns around misinformation in code-switching and low-resource language contexts. While the system is currently designed to be driven by community-submitted reports, there is the potential for broader impact if it can eventually support more proactive detection e.g. scanning social media or other public channels for instances of misinformation.

Additionally, it would be impactful to drill down on the exact desired outcome at the end of the community review process. For example, would the system partner with civic organizations, journalists or fact-checkers to share resources that combat disinformation? How would this work in closed messaging platforms like WhatsApp (mentioned in this project)?

Preventing abuse is another important issue to tackle. How would the system protect itself against concerted efforts by malicious actors deliberately reporting false positives? What oversight mechanisms could prevent the tool from being manipulated into silencing legitimate political speech or suppressing voter participation?

The largest improvement would come from augmenting the current deterministic/rules-based system with a more powerful AI workflow while preserving key aspects such as human-in-the-loop review.

The project is well-executed and addresses an important problem. However, there are two notable limitations:

- The "triage framework" is deterministic keyword-and-urgency matching over user-submitted metadata, with no AI model in the loop. This means the submission does not evaluate any AI system for safety, does not test whether models actually mishandle African-language election prompts, and cannot produce evidence about the deployment-side AI safety problem it sets out to address. The Benchmark Lab likewise uses "safe prompt summaries" and hand-assigned response labels rather than real model outputs, so the reported multilingual coverage is a catalog of prompts rather than a benchmark result.

- The authors state that results are not statistically significant, that there are no real fact-checking partners, no field validation with journalists or election observers, no persistence layer, and no external model evaluation. Taken together, what remains is a UI prototype seeded with mock incidents — useful as a design artifact, but the empirical claims about African election contexts (harm categories, language coverage, review workflows) rest on seeded examples rather than observed behavior, and no experiment in the submission could refute or confirm the stated hypothesis about English-only AI safety being insufficient.

Cite this work

@misc {

title={

(HckPrj) CivicGuard Africa: AI-Assisted Election Disinformation Triage and Multilingual Safety Benchmarking

},

author={

kabuya josue tambwe

},

date={

},

organization={Apart Research},

note={Research submission to the research sprint hosted by Apart.},

howpublished={https://apartresearch.com}

}

Recent Projects

OliGraph: graph-based screening of large oligopools

Existing synthesis screening tools cannot evaluate short oligonucleotide pools, whose overlapping fragments can be reassembled into regulated sequences via polymerase cycling assembly (PCA) yet fall below gene-length detection thresholds. We present OliGraph, an open-source tool that constructs a bi-directed overlap graph from an oligonucleotide pool and extracts contigs for downstream gene-length screening. An optional PCA mode retains only cross-strand overlaps consistent with PCA chemistry. We validated OliGraph in a blinded study across ten simulated pools (70–9,184 oligonucleotides, 30–300 bp) spanning four risk categories. BLAST screening of individual oligonucleotides failed to identify sequences of concern in most pools: three returned zero hits, and vector noise obscured true positives in the remainder. After OliGraph assembly, contig-level BLAST matched the longest assembled sequences (up to 1,905 bp) to sequences of concern at 97–100% identity. In one pool, assembly collapsed 1,634 individual BLAST results into 10 hits from a single contig, all assigned to the same source organism. PCA mode correctly distinguished assemblable from non-assemblable fragments within the same pool. Two pools with no assemblable structure yielded no contigs. OliGraph processed all pools in under 0.2 seconds, fast enough for real-time order screening and consistent with proposals to bring oligonucleotide orders within the scope of synthesis screening regulation.

Read More

BioRT-Bench: A Multi-Attack Red-Teaming Benchmark for Bio-Misuse Safeguards in Frontier LLMs

Frontier AI laboratories are expected to maintain safeguards against biological misuse, but whether deployed models actually refuse bio-misuse queries under adversarial pressure is largely unmeasured in the public literature. We introduce BioRT-Bench, a benchmark that runs four attack methods (direct request, PAIR, Crescendo, and base64 encoding) against four frontier models (Claude Sonnet 4.6, GPT-5.4, DeepSeek V4-flash, Kimi K2.5) across 40 prompts spanning five biosecurity-relevant categories. Responses are scored by a calibrated judge extending StrongREJECT with two bio-specific dimensions: specificity and actionability. We measure Attack Success Rate (ASR), where 0 means the model fully refused and 1 means it provided specific, actionable bio-misuse content. Our results reveal a sharp robustness divide: Chinese frontier models (DeepSeek, Kimi) have under 5% refusal rates even under direct request (ASR 0.88 and 0.79), while Western models (Claude, GPT) maintain substantially stronger safeguards (ASR 0.15 and 0.16). Crescendo is the most effective attack across all models, both in bypassing refusal and in eliciting actionable content. Claude Sonnet 4.6 is the most robust model tested, achieving 100% refusal against base64-encoded prompts.

Read More

PROTEUS (PROTein Evaluation for Unusual Sequences): Structure-Informed Safety Screening for de novo and Evasion-Prone Protein-Coding Sequences

AI protein design tools like RFdiffusion, ProteinMPNN, and Bindcraft make it trivial to produce low-homology sequences that fold into active, potentially hazardous architectures. However, sequence homology-based biosafety screening tools cannot detect proteins that pose functional risk through structurally novel mechanisms with no sequence precedent. We present a tiered computational pipeline that addresses this gap by combining MMseqs2 sequence alignment with structure-based comparison via FoldSeek and DALI against curated toxin databases totaling ~34,000 entries. AlphaFold2-predicted structures are screened for both global fold similarity (FoldSeek) and local active/allosteric site geometry (DALI), capturing convergent functional hazards that sequence screening misses. The pipeline was validated against a panel of toxins, benign proteins, structural mimics, and de novo-designed Munc13 binders, as well as modified ricin variants with residue substitutions. We additionally tested robustness to partial-synthesis evasion, where a bad actor submits multiple shorter coding sequences intended for downstream reassembly into a full toxin-coding gene. We found that while sequence-based screening did not identify any de novo ricin analogues with high certainty, the combined pipeline with FoldSeek and DALI identified all 24 tested de novo ricins as toxic.

Read More

OliGraph: graph-based screening of large oligopools

Existing synthesis screening tools cannot evaluate short oligonucleotide pools, whose overlapping fragments can be reassembled into regulated sequences via polymerase cycling assembly (PCA) yet fall below gene-length detection thresholds. We present OliGraph, an open-source tool that constructs a bi-directed overlap graph from an oligonucleotide pool and extracts contigs for downstream gene-length screening. An optional PCA mode retains only cross-strand overlaps consistent with PCA chemistry. We validated OliGraph in a blinded study across ten simulated pools (70–9,184 oligonucleotides, 30–300 bp) spanning four risk categories. BLAST screening of individual oligonucleotides failed to identify sequences of concern in most pools: three returned zero hits, and vector noise obscured true positives in the remainder. After OliGraph assembly, contig-level BLAST matched the longest assembled sequences (up to 1,905 bp) to sequences of concern at 97–100% identity. In one pool, assembly collapsed 1,634 individual BLAST results into 10 hits from a single contig, all assigned to the same source organism. PCA mode correctly distinguished assemblable from non-assemblable fragments within the same pool. Two pools with no assemblable structure yielded no contigs. OliGraph processed all pools in under 0.2 seconds, fast enough for real-time order screening and consistent with proposals to bring oligonucleotide orders within the scope of synthesis screening regulation.

Read More

BioRT-Bench: A Multi-Attack Red-Teaming Benchmark for Bio-Misuse Safeguards in Frontier LLMs

Frontier AI laboratories are expected to maintain safeguards against biological misuse, but whether deployed models actually refuse bio-misuse queries under adversarial pressure is largely unmeasured in the public literature. We introduce BioRT-Bench, a benchmark that runs four attack methods (direct request, PAIR, Crescendo, and base64 encoding) against four frontier models (Claude Sonnet 4.6, GPT-5.4, DeepSeek V4-flash, Kimi K2.5) across 40 prompts spanning five biosecurity-relevant categories. Responses are scored by a calibrated judge extending StrongREJECT with two bio-specific dimensions: specificity and actionability. We measure Attack Success Rate (ASR), where 0 means the model fully refused and 1 means it provided specific, actionable bio-misuse content. Our results reveal a sharp robustness divide: Chinese frontier models (DeepSeek, Kimi) have under 5% refusal rates even under direct request (ASR 0.88 and 0.79), while Western models (Claude, GPT) maintain substantially stronger safeguards (ASR 0.15 and 0.16). Crescendo is the most effective attack across all models, both in bypassing refusal and in eliciting actionable content. Claude Sonnet 4.6 is the most robust model tested, achieving 100% refusal against base64-encoded prompts.

Read More

This work was done during one weekend by research workshop participants and does not represent the work of Apart Research.
This work was done during one weekend by research workshop participants and does not represent the work of Apart Research.