The Art of Defending: A Systematic Evaluation and Analysis of LLM Defense Strategies on Safety and Over-Defensiveness

TL;DR

This paper introduces the SODE benchmark for evaluating LLM safety and over-defensiveness, systematically analyzing various defense strategies across multiple models to identify their strengths and weaknesses.

Contribution

It presents a comprehensive benchmark and analysis framework for assessing LLM safety strategies, revealing critical insights into their effectiveness and limitations.

Findings

Self-checking improves safety but causes over-defensiveness.

Safety instructions with exemplars enhance safety and reduce over-defensiveness.

Contextual knowledge can compromise safety guardrails.

Abstract

As Large Language Models (LLMs) play an increasingly pivotal role in natural language processing applications, their safety concerns become critical areas of NLP research. This paper presents Safety and Over-Defensiveness Evaluation (SODE) benchmark: a collection of diverse safe and unsafe prompts with carefully designed evaluation methods that facilitate systematic evaluation, comparison, and analysis over 'safety' and 'over-defensiveness.' With SODE, we study a variety of LLM defense strategies over multiple state-of-the-art LLMs, which reveals several interesting and important findings, such as (a) the widely popular 'self-checking' techniques indeed improve the safety against unsafe inputs, but this comes at the cost of extreme over-defensiveness on the safe inputs, (b) providing a safety instruction along with in-context exemplars (of both safe and unsafe inputs) consistently improves safety and also mitigates undue over-defensiveness of the models, (c) providing contextual knowledge easily breaks the safety guardrails and makes the models more vulnerable to generating unsafe responses. Overall, our work reveals numerous such critical findings that we believe will pave the way and facilitate further research in improving the safety of LLMs.