DynaUnlearn: Continual Adversarial Unlearning for Robust Safety in LLM Agents
摘要
Ensuring the safety of large language model (LLM) agents in dynamic environments requires continuous adaptation to evolving adversarial threats. We introduce DynaUnlearn, a novel framework that performs continual adversarial unlearning by integrating real-time adversarial input generation with targeted parameter erasure and periodic robustness validation. During deployment, DynaUnlearn first synthesizes adversarial test cases through embedding-space perturbations to uncover latent unsafe behaviors. Upon detection, a meta-unlearning module applies gradient-based erasure on flagged parameter subspaces, effectively removing harmful patterns without full retraining. To prevent re-emergence of unsafe tendencies, DynaUnlearn employs an adaptive scheduling strategy that calibrates unlearning intensity based on observed safety metrics. A Safety Assurance Dashboard continuously monitors indicators such as attack success rate and harmful-content score, triggering automatic unlearning cycles when thresholds are breached. We evaluate DynaUnlearn on multiple LLM agent benchmarks under continuous attack scenarios, demonstrating sustained safety improvements—up to 60% reduction in attack success rate over extended deployment—with under 1.5% degradation in task performance. These results confirm that continual adversarial unlearning is an effective strategy for maintaining robust safety alignment in real-world LLM agent applications.