English

Should LLM Safety Be More Than Refusing Harmful Instructions?

Computation and Language 2025-06-05 v2

Abstract

This paper presents a systematic evaluation of Large Language Models' (LLMs) behavior on long-tail distributed (encrypted) texts and their safety implications. We introduce a two-dimensional framework for assessing LLM safety: (1) instruction refusal-the ability to reject harmful obfuscated instructions, and (2) generation safety-the suppression of generating harmful responses. Through comprehensive experiments, we demonstrate that models that possess capabilities to decrypt ciphers may be susceptible to mismatched-generalization attacks: their safety mechanisms fail on at least one safety dimension, leading to unsafe responses or over-refusal. Based on these findings, we evaluate a number of pre-LLM and post-LLM safeguards and discuss their strengths and limitations. This work contributes to understanding the safety of LLM in long-tail text scenarios and provides directions for developing robust safety mechanisms.

Keywords

Cite

@article{arxiv.2506.02442,
  title  = {Should LLM Safety Be More Than Refusing Harmful Instructions?},
  author = {Utsav Maskey and Mark Dras and Usman Naseem},
  journal= {arXiv preprint arXiv:2506.02442},
  year   = {2025}
}

Comments

Preprint

R2 v1 2026-07-01T02:55:53.357Z