Ensuring the safety of large language model (LLM) agents in dynamic environments requires continuous adaptation to evolving adversarial threats. We introduce DynaUnlearn, a novel framework that performs continual adversarial unlearning by integrating real-time adversarial input generation with targeted parameter erasure and periodic robustness validation. During deployment, DynaUnlearn first synthesizes adversarial test cases through embedding-space perturbations to uncover latent unsafe behaviors. Upon detection, a meta-unlearning module applies gradient-based erasure on flagged parameter subspaces, effectively removing harmful patterns without full retraining. To prevent re-emergence of unsafe tendencies, DynaUnlearn employs an adaptive scheduling strategy that calibrates unlearning intensity based on observed safety metrics. A Safety Assurance Dashboard continuously monitors indicators such as attack success rate and harmful-content score, triggering automatic unlearning cycles when thresholds are breached. We evaluate DynaUnlearn on multiple LLM agent benchmarks under continuous attack scenarios, demonstrating sustained safety improvements—up to 60% reduction in attack success rate over extended deployment—with under 1.5% degradation in task performance. These results confirm that continual adversarial unlearning is an effective strategy for maintaining robust safety alignment in real-world LLM agent applications.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

DynaUnlearn: Continual Adversarial Unlearning for Robust Safety in LLM Agents

  • Xie Nina,
  • Deng Xinyu

摘要

Ensuring the safety of large language model (LLM) agents in dynamic environments requires continuous adaptation to evolving adversarial threats. We introduce DynaUnlearn, a novel framework that performs continual adversarial unlearning by integrating real-time adversarial input generation with targeted parameter erasure and periodic robustness validation. During deployment, DynaUnlearn first synthesizes adversarial test cases through embedding-space perturbations to uncover latent unsafe behaviors. Upon detection, a meta-unlearning module applies gradient-based erasure on flagged parameter subspaces, effectively removing harmful patterns without full retraining. To prevent re-emergence of unsafe tendencies, DynaUnlearn employs an adaptive scheduling strategy that calibrates unlearning intensity based on observed safety metrics. A Safety Assurance Dashboard continuously monitors indicators such as attack success rate and harmful-content score, triggering automatic unlearning cycles when thresholds are breached. We evaluate DynaUnlearn on multiple LLM agent benchmarks under continuous attack scenarios, demonstrating sustained safety improvements—up to 60% reduction in attack success rate over extended deployment—with under 1.5% degradation in task performance. These results confirm that continual adversarial unlearning is an effective strategy for maintaining robust safety alignment in real-world LLM agent applications.