CALM: Curiosity-Driven Auditing for Large Language Models

TL;DR

CALM introduces a reinforcement learning-based method for auditing black-box large language models by automatically discovering inputs that trigger harmful or biased outputs, addressing challenges of limited access and large search space.

Contribution

This paper presents CALM, a novel curiosity-driven auditing framework that uses reinforcement learning to effectively identify unsafe behaviors in black-box LLMs.

Findings

Successfully identified derogatory outputs involving celebrities.

Uncovered inputs that elicit politically sensitive responses.

Demonstrated effectiveness in a black-box setting.

Abstract

Auditing Large Language Models (LLMs) is a crucial and challenging task. In this study, we focus on auditing black-box LLMs without access to their parameters, only to the provided service. We treat this type of auditing as a black-box optimization problem where the goal is to automatically uncover input-output pairs of the target LLMs that exhibit illegal, immoral, or unsafe behaviors. For instance, we may seek a non-toxic input that the target LLM responds to with a toxic output or an input that induces the hallucinative response from the target LLM containing politically sensitive individuals. This black-box optimization is challenging due to the scarcity of feasible points, the discrete nature of the prompt space, and the large search space. To address these challenges, we propose Curiosity-Driven Auditing for Large Language Models (CALM), which uses intrinsically motivated reinforcement learning to finetune an LLM as the auditor agent to uncover potential harmful and biased input-output pairs of the target LLM. CALM successfully identifies derogatory completions involving celebrities and uncovers inputs that elicit specific names under the black-box setting. This work offers a promising direction for auditing black-box LLMs. Our code is available at https://github.com/x-zheng16/CALM.git.