English
Related papers

Related papers: Sparse Autoencoders are Capable LLM Jailbreak Miti…

200 papers

Sparse autoencoders (SAEs) have been applied to large language models and protein language models, but not systematically to electronic health record (EHR) foundation models. We train TopK SAEs on FlatASCEND, a 14.5-million-parameter…

Machine Learning · Computer Science 2026-05-07 Chris Sainsbury , Feng Dong , Andreas Karwath

Content Warning: This paper may contain unsafe or harmful content generated by LLMs that may be offensive to readers. Large Language Models (LLMs) increasingly serve as tooling platforms through structured output APIs, but the…

Cryptography and Security · Computer Science 2026-05-22 Shuoming Zhang , Jiacheng Zhao , Hanyuan Dong , Ruiyuan Xu , Zhicheng Li , Yangyu Zhang , Shuaijiang Li , Yuan Wen , Chunwei Xia , Zheng Wang , Xiaobing Feng , Huimin Cui

Large Language Models (LLMs) have transformed numerous fields by enabling advanced natural language interactions but remain susceptible to critical vulnerabilities, particularly jailbreak attacks. Current jailbreak techniques, while…

Cryptography and Security · Computer Science 2024-12-12 Yuxi Li , Zhibo Zhang , Kailong Wang , Ling Shi , Haoyu Wang

Modern large language models (LLMs) are typically secured by auditing data, prompts, and refusal policies, while treating the forward pass as an implementation detail. We show that intermediate activations in decoder-only LLMs form a…

Cryptography and Security · Computer Science 2025-11-24 Zhiyuan Xu , Stanislav Abaimov , Joseph Gardiner , Sana Belguith

Large Language Models have found success in a variety of applications. However, their safety remains a concern due to the existence of various jailbreaking methods. Despite significant efforts, alignment and safety fine-tuning only provide…

Computation and Language · Computer Science 2025-12-16 Darpan Aswal , Céline Hudelot

Sparse autoencoders (SAEs) are a popular tool for interpreting large language model activations, but their utility in addressing open questions in interpretability remains unclear. In this work, we demonstrate their effectiveness by using…

Machine Learning · Computer Science 2025-04-21 Dmitrii Kharlapenko , Stepan Shabalin , Fazl Barez , Arthur Conmy , Neel Nanda

Zero-day attack detection plays a critical role in mitigating risks, protecting assets, and staying ahead in the evolving threat landscape. This study explores the application of stacked autoencoder (SAE), a type of artificial neural…

Cryptography and Security · Computer Science 2023-11-02 Mahmut Tokmak , Mike Nkongolo

Unsupervised approaches to large language model (LLM) interpretability, such as sparse autoencoders (SAEs), offer a way to decode LLM activations into interpretable and, ideally, controllable concepts. On the one hand, these approaches…

Machine Learning · Computer Science 2026-03-03 Shruti Joshi , Andrea Dittadi , Sébastien Lachapelle , Dhanya Sridhar

As LLMs become more common, non-expert users can pose risks, prompting extensive research into jailbreak attacks. However, most existing black-box jailbreak attacks rely on hand-crafted heuristics or narrow search spaces, which limit…

Cryptography and Security · Computer Science 2025-11-21 Zhen Sun , Zongmin Zhang , Deqi Liang , Han Sun , Yule Liu , Yun Shen , Xiangshan Gao , Yilong Yang , Shuai Liu , Yutao Yue , Xinlei He

In-context learning, the ability to adapt based on a few examples in the input prompt, is a ubiquitous feature of large language models (LLMs). However, as LLMs' in-context learning abilities continue to improve, understanding this…

Machine Learning · Computer Science 2024-10-03 Can Demircan , Tankred Saanum , Akshay K. Jagadish , Marcel Binz , Eric Schulz

LLMs have made impressive progress, but their growing capabilities also expose them to highly flexible jailbreaking attacks designed to bypass safety alignment. While many existing defenses focus on known types of attacks, it is more…

Cryptography and Security · Computer Science 2025-05-27 Haoyu Wang , Zeyu Qin , Yifei Zhao , Chao Du , Min Lin , Xueqian Wang , Tianyu Pang

Vision-Language-Action (VLA) models have emerged as a promising approach for general-purpose robot manipulation. However, their generalization is inconsistent: while these models can perform impressively in some settings, fine-tuned…

Robotics · Computer Science 2026-03-20 Aiden Swann , Lachlain McGranahan , Hugo Buurmeijer , Monroe Kennedy , Mac Schwager

Small language models (SLMs) are increasingly deployed on edge devices, making their safety alignment crucial yet challenging. Current shallow alignment methods that rely on direct refusal of malicious queries fail to provide robust…

Cryptography and Security · Computer Science 2025-11-11 Haonan Shi , Guoli Wang , Tu Ouyang , An Wang

Vision-language models (VLMs) have advanced rapidly and are increasingly deployed in real-world applications, especially with the rise of agent-based systems. However, their safety has received relatively limited attention. Even the latest…

Computer Vision and Pattern Recognition · Computer Science 2026-05-11 Hao Wang , Yiqun Sun , Pengfei Wei , Lawrence B. Hsieh , Daisuke Kawahara

Despite the strong performance of large language models (LLMs) across diverse tasks, their susceptibility to adversarial attacks and unsafe content generation remains a significant obstacle to deployment, particularly in high-stakes…

Machine Learning · Computer Science 2026-05-25 Thanh Q. Tran , Arun Verma , Kiwan Wong , Bryan Kian Hsiang Low , Daniela Rus , Wei Xiao

Steering has emerged as a promising approach in controlling large language models (LLMs) without modifying model parameters. However, most existing steering methods rely on large-scale datasets to learn clear behavioral information, which…

Machine Learning · Computer Science 2025-10-06 Anyi Wang , Xuansheng Wu , Dong Shu , Yunpu Ma , Ninghao Liu

Defending against jailbreak attacks is crucial for the safe deployment of Large Language Models (LLMs). Recent research has attempted to improve safety by training models to reason over safety rules before responding. However, a key issue…

Artificial Intelligence · Computer Science 2026-01-08 Di Wu , Yanyan Zhao , Xin Lu , Mingzhe Li , Bing Qin

This paper introduces MetaDefense, a novel framework for defending against finetuning-based jailbreak attacks in large language models (LLMs). We observe that existing defense mechanisms fail to generalize to harmful queries disguised by…

Machine Learning · Computer Science 2025-10-10 Weisen Jiang , Sinno Jialin Pan

Multi-turn jailbreaks capture the real threat model for safety-aligned chatbots, where single-turn attacks are merely a special case. Yet existing approaches break under exploration complexity and intent drift. We propose SEMA, a simple yet…

Computation and Language · Computer Science 2026-02-09 Mingqian Feng , Xiaodong Liu , Weiwei Yang , Jialin Song , Xuekai Zhu , Chenliang Xu , Jianfeng Gao

Multimodal large language models (MLLMs) are gaining increasing attention. Due to the heterogeneity of their input features, they face significant challenges in terms of jailbreak defenses. Current defense methods rely on costly fine-tuning…

Artificial Intelligence · Computer Science 2026-05-13 Xinyi Zeng , Xue Yang , Jingyuan Zhang , Huanqian Yan , Xiang Chen , Kaiwen Wei , Hankun Kang , Yu Tian