English
Related papers

Related papers: Sparse Autoencoders are Capable LLM Jailbreak Miti…

200 papers

Sparse Autoencoders (SAEs) provide potentials for uncovering structured, human-interpretable representations in Large Language Models (LLMs), making them a crucial tool for transparent and controllable AI systems. We systematically analyze…

Machine Learning · Computer Science 2026-02-03 Jack Gallifant , Shan Chen , Kuleen Sasse , Hugo Aerts , Thomas Hartvigsen , Danielle S. Bitterman

Sparse Autoencoders (SAEs) are widely employed for mechanistic interpretability and model steering. Within this context, steering is by design performed by means of decoding altered SAE intermediate representations. This procedure…

Machine Learning · Computer Science 2025-12-08 Antonio Bărbălau , Cristian Daniel Păduraru , Teodor Poncu , Alexandru Tifrea , Elena Burceanu

A key challenge in AI alignment is guiding large language models (LLMs) to follow desired behaviors at test time. Activation steering, which modifies internal model activations during inference, offers a potential solution. However, prior…

Machine Learning · Computer Science 2025-03-04 Reza Bayat , Ali Rahimi-Kalahroudi , Mohammad Pezeshki , Sarath Chandar , Pascal Vincent

Sparse autoencoders (SAEs) are increasingly used for safety-relevant applications including alignment detection and model steering. These use cases require SAE latents to be as atomic as possible. Each latent should represent a single…

Machine Learning · Computer Science 2026-04-07 Matthew Levinson

Large Language Models (LLMs) have achieved strong complex reasoning capabilities through Chain-of-Thought (CoT) reasoning. However, their reasoning patterns remain too complicated to analyze. While Sparse Autoencoders (SAEs) have emerged as…

Machine Learning · Computer Science 2026-03-04 Xuan Yang , Jiayu Liu , Yuhang Lai , Hao Xu , Zhenya Huang , Ning Miao

Large language models (LLMs) are widely used for task understanding and action planning in embodied intelligence (EI) systems, but their adoption substantially increases vulnerability to jailbreak attacks. While recent work explores…

Cryptography and Security · Computer Science 2026-01-06 Jirui Yang , Zheyu Lin , Zhihui Lu , Yinggui Wang , Lei Wang , Tao Wei , Qiang Duan , Xin Du , Shuhan Yang

Sparse autoencoders (SAEs) decompose language model activations into interpretable features, but existing methods reveal only which features activate, not which change model outputs when amplified. We introduce Control Reinforcement…

Machine Learning · Computer Science 2026-05-05 Seonglae Cho , Zekun Wu , Adriano Koshiyama

Jailbreak prompts can trigger harmful completions on aligned LLMs, In accordance, safety steering has been proposed: test-time activation interventions that steer jailbreak activations to trigger refusal while preserving benign utility.…

Cryptography and Security · Computer Science 2026-05-26 Luoyu Chen , Weiqi Wang , Zhiyi Tian , Chenhan Zhang , Feng Wu , Jianhuan Huang , Ahmed Asiri , Shui Yu

Jailbreaking is an emerging adversarial attack that bypasses the safety alignment deployed in off-the-shelf large language models (LLMs) and has evolved into multiple categories: human-based, optimization-based, generation-based, and the…

Cryptography and Security · Computer Science 2025-02-06 Xunguang Wang , Daoyuan Wu , Zhenlan Ji , Zongjie Li , Pingchuan Ma , Shuai Wang , Yingjiu Li , Yang Liu , Ning Liu , Juergen Rahmel

Recent work has found that sparse autoencoders (SAEs) are an effective technique for unsupervised discovery of interpretable features in language models' (LMs) activations, by finding sparse, linear reconstructions of LM activations. We…

Machine Learning · Computer Science 2024-05-01 Senthooran Rajamanoharan , Arthur Conmy , Lewis Smith , Tom Lieberum , Vikrant Varma , János Kramár , Rohin Shah , Neel Nanda

Large Language Models (LLMs) remain susceptible to jailbreak exploits that bypass safety filters and induce harmful or unethical behavior. This work presents a systematic taxonomy of existing jailbreak defenses across prompt-level,…

Cryptography and Security · Computer Science 2025-11-25 Ryan Wong , Hosea David Yu Fei Ng , Dhananjai Sharma , Glenn Jun Jie Ng , Kavishvaran Srinivasan

We study how reliably sparse autoencoders (SAEs) support claims about reasoning-related internal features in large language models. We first give a stylized analysis showing that sparsity-regularized decoding can preferentially retain…

Machine Learning · Computer Science 2026-05-19 George Ma , Zhongyuan Liang , Irene Y. Chen , Somayeh Sojoudi

Large Language Models (LLMs) encode factual knowledge within hidden parametric spaces that are difficult to inspect or control. While Sparse Autoencoders (SAEs) can decompose hidden activations into more fine-grained, interpretable…

Machine Learning · Computer Science 2026-01-14 Minglai Yang , Xinyu Guo , Zhengliang Shi , Jinhe Bi , Steven Bethard , Mihai Surdeanu , Liangming Pan

Sparse Autoencoders (SAEs) have been proposed as an unsupervised approach to learn a decomposition of a model's latent space. This enables useful applications such as steering - influencing the output of a model towards a desired concept -…

Machine Learning · Computer Science 2025-12-23 Dana Arad , Aaron Mueller , Yonatan Belinkov

Sparse autoencoders (SAEs) enable interpretability research by decomposing entangled model activations into monosemantic features. However, under what circumstances SAEs derive most fine-grained latent features for safety, a low-frequency…

Machine Learning · Computer Science 2026-04-15 Jiaqi Weng , Han Zheng , Hanyu Zhang , Ej Zhou , Qinqin He , Jialing Tao , Hui Xue , Zhixuan Chu , Xiting Wang

Conversational large language models are trained to refuse to answer harmful questions. However, emergent jailbreaking techniques can still elicit unsafe outputs, presenting an ongoing challenge for model alignment. To better understand how…

Computation and Language · Computer Science 2024-10-08 Sarah Ball , Frauke Kreuter , Nina Panickssery

Sparse autoencoders (SAEs) promise a unified approach for mechanistic interpretability, concept discovery, and model steering in LLMs and LVLMs. However, realizing this potential requires learned features to be both interpretable and…

Machine Learning · Computer Science 2026-04-01 Akshay Kulkarni , Tsui-Wei Weng , Vivek Narayanaswamy , Shusen Liu , Wesam A. Sakla , Kowshik Thopalli

Despite explicit alignment efforts for large language models (LLMs), they can still be exploited to trigger unintended behaviors, a phenomenon known as "jailbreaking." Current jailbreak attack methods mainly focus on discrete prompt…

Cryptography and Security · Computer Science 2025-02-18 Guanghao Zhou , Panjia Qiu , Mingyuan Fan , Cen Chen , Mingyuan Chu , Xin Zhang , Jun Zhou

Large language models (LLMs) have made significant advancements across various tasks, but their safety alignment remain a major concern. Exploring jailbreak prompts can expose LLMs' vulnerabilities and guide efforts to secure them. Existing…

Cryptography and Security · Computer Science 2025-11-25 Xiaoning Dong , Wenbo Hu , Wei Xu , Tianxing He

As large language models (LLMs) become integral to various applications, ensuring both their safety and utility is paramount. Jailbreak attacks, which manipulate LLMs into generating harmful content, pose significant challenges to this…

Cryptography and Security · Computer Science 2025-02-10 Guobin Shen , Dongcheng Zhao , Yiting Dong , Xiang He , Yi Zeng