SafeSwitch: Steering Unsafe LLM Behavior via Internal Activation Signals

TL;DR

SafeSwitch introduces a dynamic safety mechanism for LLMs that detects harmful intentions internally and activates safety responses, significantly reducing unsafe outputs while maintaining utility.

Contribution

The paper presents SafeSwitch, a novel framework that leverages internal activation signals for real-time safety regulation in LLMs, with minimal parameter tuning.

Findings

Reduces harmful outputs by approximately 80%

Maintains strong utility and context-aware refusals

Uses less than 6% of parameters for tuning

Abstract

Large language models (LLMs) exhibit exceptional capabilities across various tasks but also pose risks by generating harmful content. Existing safety mechanisms, while improving model safety, often lead to overly cautious behavior and fail to fully leverage LLMs' internal cognitive processes. Inspired by humans' reflective thinking capability, we first show that LLMs can similarly perform internal assessments about safety in their internal states. Building on this insight, we propose SafeSwitch, a dynamic framework that regulates unsafe outputs by utilizing the prober-based internal state monitor that actively detects harmful intentions, and activates a safety head that leads to safer and more conservative responses only when necessary. SafeSwitch reduces harmful outputs by approximately 80% on harmful queries while maintaining strong utility, reaching a Pareto optimal among several methods. Our method is also advantageous over traditional methods in offering more informative, context-aware refusals, and achieves these benefits while only tuning less than 6% of the original parameters. SafeSwitch demonstrates large language models' capacity for self-awareness and reflection regarding safety, offering a promising approach to more nuanced and effective safety controls. Codes for this work are available at https://github.com/Hanpx20/SafeSwitch.