Large language models (LLMs) have emerged as an important source of information for millions of users. However, these users might become exposed to toxic (unsafe) language, especially if they attempt to circumvent LLM’s safeguards by jailbreaking it. To improve the safety of LLMs, this study investigates four different activation engineering methods that steer model outputs towards safety: one simple embedding addition (SPI), a cosine similarity-based method (SPCI), a projection-based method (SPP), and a multi-simple addition method (MPI). These safety improvements should be an alternative to the traditional methods, which are still vulnerable to jailbreaks and other methods of uncensoring. We test the four activation engineering methods experimentally to show that they can prevent outputs containing profanity, whilst retaining high-quality outputs for normal prompts. Both quantitative and qualitative experiments on profanity show that single-point projection can successfully defend against two-thirds of the jailbreak attacks without damaging harmless outputs.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Steering LLMs Towards Safer Shores

  • Victor Batenburg,
  • Gijs Wijnholds,
  • Olga Gadyatskaya

摘要

Large language models (LLMs) have emerged as an important source of information for millions of users. However, these users might become exposed to toxic (unsafe) language, especially if they attempt to circumvent LLM’s safeguards by jailbreaking it. To improve the safety of LLMs, this study investigates four different activation engineering methods that steer model outputs towards safety: one simple embedding addition (SPI), a cosine similarity-based method (SPCI), a projection-based method (SPP), and a multi-simple addition method (MPI). These safety improvements should be an alternative to the traditional methods, which are still vulnerable to jailbreaks and other methods of uncensoring. We test the four activation engineering methods experimentally to show that they can prevent outputs containing profanity, whilst retaining high-quality outputs for normal prompts. Both quantitative and qualitative experiments on profanity show that single-point projection can successfully defend against two-thirds of the jailbreak attacks without damaging harmless outputs.