Steering LLMs Towards Safer Shores
摘要
Large language models (LLMs) have emerged as an important source of information for millions of users. However, these users might become exposed to toxic (unsafe) language, especially if they attempt to circumvent LLM’s safeguards by jailbreaking it. To improve the safety of LLMs, this study investigates four different activation engineering methods that steer model outputs towards safety: one simple embedding addition (SPI), a cosine similarity-based method (SPCI), a projection-based method (SPP), and a multi-simple addition method (MPI). These safety improvements should be an alternative to the traditional methods, which are still vulnerable to jailbreaks and other methods of uncensoring. We test the four activation engineering methods experimentally to show that they can prevent outputs containing profanity, whilst retaining high-quality outputs for normal prompts. Both quantitative and qualitative experiments on profanity show that single-point projection can successfully defend against two-thirds of the jailbreak attacks without damaging harmless outputs.