Enhancing Model Defense Against Jailbreaks with Proactive Safety Reasoning
Xianglin Yang, Gelei Deng, Jieming Shi, Tianwei Zhang, Jin Song Dong

TL;DR
This paper introduces Safety Chain-of-Thought (SCoT), a proactive safety reasoning method that improves LLM defenses against jailbreaks by analyzing harmful inputs before response generation, surpassing traditional reactive approaches.
Contribution
The paper presents SCoT, a novel reasoning-based defense that enhances LLM safety by proactively assessing harmful requests and generating detailed refusals, outperforming existing methods.
Findings
SCoT significantly reduces vulnerability to jailbreak attacks.
SCoT improves generalization across diverse harmful queries.
SCoT maintains strong language modeling capabilities.
Abstract
Large language models (LLMs) are vital for a wide range of applications yet remain susceptible to jailbreak threats, which could lead to the generation of inappropriate responses. Conventional defenses, such as refusal and adversarial training, often fail to cover corner cases or rare domains, leaving LLMs still vulnerable to more sophisticated attacks. We propose a novel defense strategy, Safety Chain-of-Thought (SCoT), which harnesses the enhanced reasoning capabilities of LLMs for proactive assessment of harmful inputs, rather than simply blocking them. SCoT augments any refusal training datasets to critically analyze the intent behind each request before generating answers. By employing proactive reasoning, SCoT enhances the generalization of LLMs across varied harmful queries and scenarios not covered in the safety alignment corpus. Additionally, it generates detailed…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Safety Systems Engineering in Autonomy · Information and Cyber Security
