QGuard:Question-based Zero-shot Guard for Multi-modal LLM Safety

TL;DR

QGuard introduces a zero-shot question-based safety mechanism to effectively block harmful prompts in multi-modal LLMs, enhancing security without requiring model fine-tuning.

Contribution

It presents a novel question prompting approach that defends against both text and multi-modal harmful prompts without fine-tuning, maintaining robustness through question diversification.

Findings

Performs competitively on harmful prompt detection datasets

Effective against multi-modal harmful prompt attacks

Enables white-box analysis of user inputs

Abstract

The recent advancements in Large Language Models(LLMs) have had a significant impact on a wide range of fields, from general domains to specialized areas. However, these advancements have also significantly increased the potential for malicious users to exploit harmful and jailbreak prompts for malicious attacks. Although there have been many efforts to prevent harmful prompts and jailbreak prompts, protecting LLMs from such malicious attacks remains an important and challenging task. In this paper, we propose QGuard, a simple yet effective safety guard method, that utilizes question prompting to block harmful prompts in a zero-shot manner. Our method can defend LLMs not only from text-based harmful prompts but also from multi-modal harmful prompt attacks. Moreover, by diversifying and modifying guard questions, our approach remains robust against the latest harmful prompts without fine-tuning. Experimental results show that our model performs competitively on both text-only and multi-modal harmful datasets. Additionally, by providing an analysis of question prompting, we enable a white-box analysis of user inputs. We believe our method provides valuable insights for real-world LLM services in mitigating security risks associated with harmful prompts.