English
Related papers

Related papers: Efficient Refusal Ablation in LLM through Optimal …

200 papers

Refusal behavior in aligned LLMs is often viewed as model-specific, yet we hypothesize it stems from a universal, low-dimensional semantic circuit shared across models. To test this, we introduce Trajectory Replay via Concept-Basis…

Computation and Language · Computer Science 2026-01-27 Tony Cristofano

Deep learning classifiers are now known to have flaws in the representations of their class. Adversarial attacks can find a human-imperceptible perturbation for a given image that will mislead a trained model. The most effective methods to…

Machine Learning · Computer Science 2021-05-19 Quentin Bouniot , Romaric Audigier , Angélique Loesch

Current alignment evaluation mostly measures whether models encode dangerous concepts and whether they refuse harmful requests. Both miss the layer where alignment often operates: routing from concept detection to behavioral policy. We…

Machine Learning · Computer Science 2026-05-04 Gregory N. Frank

Safety alignment in large language models (LLMs), particularly for cybersecurity tasks, primarily focuses on preventing misuse. While this approach reduces direct harm, it obscures a complementary failure mode: denial of assistance to…

Cryptography and Security · Computer Science 2026-03-12 David Campbell , Neil Kale , Udari Madhushani Sehwag , Bert Herring , Nick Price , Dan Borges , Alex Levinson , Christina Q Knight

Conversational large language models are fine-tuned for both instruction-following and safety, resulting in models that obey benign requests but refuse harmful ones. While this refusal behavior is widespread across chat models, its…

Machine Learning · Computer Science 2024-11-01 Andy Arditi , Oscar Obeso , Aaquib Syed , Daniel Paleka , Nina Panickssery , Wes Gurnee , Neel Nanda

Despite significant progress in alignment, large language models (LLMs) remain vulnerable to adversarial attacks that elicit harmful behaviors. Activation steering techniques offer a promising inference-time intervention approach, but…

Machine Learning · Computer Science 2026-01-28 Quy-Anh Dang , Chris Ngo

Safety alignment is often conceptualized as a monolithic process wherein harmfulness detection automatically triggers refusal. However, the persistence of jailbreak attacks suggests a fundamental mechanistic decoupling. We propose the…

Cryptography and Security · Computer Science 2026-03-16 Jinman Wu , Yi Xie , Shen Lin , Shiqian Zhao , Xiaofeng Chen

Safety alignment aims to ensure that large language models (LLMs) refuse harmful requests by post-training on harmful queries paired with refusal answers. Although safety alignment is widely adopted in industry, the overrefusal problem…

Artificial Intelligence · Computer Science 2026-03-13 Zhiyu Xue , Zimo Qi , Guangliang Liu , Bocheng Chen , Ramtin Pedarsani

Safety alignment is a key requirement for building reliable Artificial General Intelligence. Despite significant advances in safety alignment, we observe that minor latent shifts can still trigger unsafe responses in aligned models. We…

Machine Learning · Computer Science 2025-06-23 Tianle Gu , Kexin Huang , Zongqi Wang , Yixu Wang , Jie Li , Yuanqi Yao , Yang Yao , Yujiu Yang , Yan Teng , Yingchun Wang

Large language models (LLMs) are susceptible to social-engineered attacks that are human-interpretable but require a high level of comprehension for LLMs to counteract. Existing defensive measures can only mitigate less than half of these…

Computation and Language · Computer Science 2025-05-01 Canaan Yung , Hadi Mohaghegh Dolatabadi , Sarah Erfani , Christopher Leckie

Aligned language models refuse harmful instructions, but the representations through which they recognise such instructions are less well characterised than the behaviours they produce. Harmful intent is linearly separable from…

Machine Learning · Computer Science 2026-05-12 Isaac Llorente-Saguer

Traditional white-box methods for creating adversarial perturbations against LLMs typically rely only on gradient computation from the targeted model, ignoring the internal mechanisms responsible for attack success or failure. Conversely,…

Machine Learning · Computer Science 2025-05-07 Thomas Winninger , Boussad Addad , Katarzyna Kapusta

Recent work has shown that language models' refusal behavior is primarily encoded in a single direction in their latent space, making it vulnerable to targeted attacks. Although Latent Adversarial Training (LAT) attempts to improve…

Computation and Language · Computer Science 2025-04-29 Alexandra Abbas , Nora Petrova , Helios Ael Lyons , Natalia Perez-Campanero

Representation Engineering analyses often characterize refusal using static directions extracted from terminal or pooled representations. We ask whether this view misses how refusal is constructed across layer-token positions. Using causal…

Cryptography and Security · Computer Science 2026-05-27 Xulin Hu , Che Wang , Wei Yang Bryan Lim , Jianbo Gao , Zhong Chen

Multimodal large language models (MLLMs) often fail to transfer safety capabilities learned in the text modality to semantically equivalent non-text inputs, revealing a persistent multimodal safety gap. We study this gap from a…

Artificial Intelligence · Computer Science 2026-05-19 Jiahe Guo , Xiangran Guo , Jiaxuan Chen , Weixiang Zhao , Yanyan Zhao , Yutai Hou , Qianchao Wang , Dandan Tu , Bing Qin

Language models are instruction-tuned to refuse harmful requests, but the mechanisms underlying this behavior remain poorly understood. Popular steering methods operate on the residual stream and degrade output coherence at high…

Machine Learning · Computer Science 2026-05-13 Sam Herring , Jake Naviasky , Karan Malhotra

This study addresses a critical gap in safety tuning practices for Large Language Models (LLMs) by identifying and tackling a refusal position bias within safety tuning data, which compromises the models' ability to appropriately refuse…

Computation and Language · Computer Science 2025-05-26 Youliang Yuan , Wenxiang Jiao , Wenxuan Wang , Jen-tse Huang , Jiahao Xu , Tian Liang , Pinjia He , Zhaopeng Tu

LLMs are trained to refuse harmful instructions, but do they truly understand harmfulness beyond just refusing? Prior work has shown that LLMs' refusal behaviors can be mediated by a one-dimensional subspace, i.e., a refusal direction. In…

Computation and Language · Computer Science 2025-12-16 Jiachen Zhao , Jing Huang , Zhengxuan Wu , David Bau , Weiyan Shi

While modern LLMs are aligned to refuse harmful requests, it is essential to understand the underlying mechanistic basis of this refusal behavior for model safety analysis. For example, steering-based jailbreak attacks exploit this by…

Artificial Intelligence · Computer Science 2026-05-28 Su-Hyeon Kim , Hyundong Jin , Yejin Lee , Yo-Sub Han

Safety-aligned large language models rely on RLHF and instruction tuning to refuse harmful requests, yet the internal mechanisms implementing safety behavior remain poorly understood. We introduce the Attention Redistribution Attack (ARA),…

Cryptography and Security · Computer Science 2026-05-04 Aviral Srivastava , Sourav Panda