This paper addresses the critical gap in research ethics within Natural Language Processing Security (NLPSec). Analyzing 2018–2023 mainstream literature, we identify significant shortcomings in core ethical dimensions—particularly harm minimization and responsible disclosure—and a persistent disconnect from established cybersecurity ethics norms. To bridge this gap, we conduct the first cross-domain ethical framework mapping between NLPSec and cybersecurity, introducing the “White-Hat NLP” conceptual framework that aligns NLP-specific characteristics with cybersecurity’s ethical paradigms. Based on this mapping, we formulate actionable, deployment-oriented responsible research guidelines and release the first operational practice checklist explicitly integrating security and ethics governance. Our work delivers the NLPSec community its first systematic ethical assessment pathway and implementation roadmap, enabling the development of ethically conscious, practically enforceable research practices.

As NLP models are used by a growing number of end-users, an area of increasing importance is NLP Security (NLPSec): assessing the vulnerability of models to malicious attacks and developing comprehensive countermeasures against them. While work at the intersection of NLP and cybersecurity has the potential to create safer NLP for all, accidental oversights can result in tangible harm (e.g., breaches of privacy or proliferation of malicious models). In this emerging field, however, the research ethics of NLP have not yet faced many of the long-standing conundrums pertinent to cybersecurity, until now. We thus examine contemporary works across NLPSec, and explore their engagement with cybersecurity's ethical norms. We identify trends across the literature, ultimately finding alarming gaps on topics like harm minimization and responsible disclosure. To alleviate these concerns, we provide concrete recommendations to help NLP researchers navigate this space more ethically, bridging the gap between traditional cybersecurity and NLP ethics, which we frame as ``white hat NLP''. The goal of this work is to help cultivate an intentional culture of ethical research for those working in NLP Security.