Chain-of-Thought Driven Adversarial Scenario Extrapolation for Robust Language Models

TL;DR

This paper presents ASE, a novel inference-time framework using Chain-of-Thought reasoning to improve large language models' robustness against adversarial attacks while maintaining user experience.

Contribution

It introduces Adversarial Scenario Extrapolation (ASE), a new method that enhances LLM robustness and seamlessness through self-generative adversarial scenario contemplation.

Findings

Near-zero jailbreak success rates achieved.

Significant reduction in toxicity and bias scores.

Outperforms existing defenses in robustness and seamlessness.

Abstract

Large Language Models (LLMs) exhibit impressive capabilities, but remain susceptible to a growing spectrum of safety risks, including jailbreaks, toxic content, hallucinations, and bias. Existing defenses often address only a single threat type or resort to rigid outright rejection, sacrificing user experience and failing to generalize across diverse and novel attacks. This paper introduces Adversarial Scenario Extrapolation (ASE), a novel inference-time computation framework that leverages Chain-of-Thought (CoT) reasoning to simultaneously enhance LLM robustness and seamlessness. ASE guides the LLM through a self-generative process of contemplating potential adversarial scenarios and formulating defensive strategies before generating a response to the user query. Comprehensive evaluation on four adversarial benchmarks with four latest LLMs shows that ASE achieves near-zero jailbreak attack success rates and minimal toxicity, while slashing outright rejections to <4%. ASE outperforms six state-of-the-art defenses in robustness-seamlessness trade-offs, with 92-99% accuracy on adversarial Q&A and 4-10x lower bias scores. By transforming adversarial perception into an intrinsic cognitive process, ASE sets a new paradigm for secure and natural human-AI interaction.