A Self-Improving Architecture for Dynamic Safety in Large Language Models

TL;DR

This paper introduces SISF, a self-improving architecture for LLM safety that autonomously detects breaches and synthesizes defenses at runtime, significantly reducing attack success rates.

Contribution

The paper presents the SISF framework, enabling LLMs to adaptively improve safety defenses without retraining through a MAPE-K based feedback loop.

Findings

SISF achieved a mean Attack Success Rate of 0.27%.

Generated 240 defense policies per trial across experiments.

Reduced residual ASR from 7.88% to 0.00% when stacked with Llama Guard 4.

Abstract

Context: Large Language Models (LLMs) rely on static, pre-deployment safety mechanisms that cannot adapt to adversarial threats discovered after release. Objective: To design a software architecture enabling LLM-based systems to autonomously detect safety failures and synthesize defense policies at runtime, without retraining or manual intervention. Method: We propose the Self-Improving Safety Framework (SISF), grounded in the MAPE-K reference model. The framework couples a target LLM with a feedback loop: an Adjudicator detects breaches, a Policy Synthesis Module generates dual-mechanism defense policies (heuristic and semantic), and a Warden enforces them. We conducted seven experiments (10,061 evaluations) across four model families. Results: Across five reproducibility trials, SISF achieved a mean Attack Success Rate (ASR) of 0.27% (+/-0.15%), autonomously generating 240 policies per trial. Cross-model evaluation confirmed deployment portability. A held-out test showed a 68.5% proactive interception rate on unseen attacks. Stacked behind Llama Guard 4, the combined defense reduced residual ASR from 7.88% to 0.00%. Ablation confirmed both heuristic and semantic policy types are architecturally required. Conclusion: Self-adaptive architecture is a viable approach to LLM safety. SISF achieves sub-1% ASR through synchronous output monitoring, progressively shifting enforcement to fast, local Warden policies via the MAPE-K loop, offering a new pattern for building resilient AI systems.