Context-Aware Hierarchical Learning: A Two-Step Paradigm towards Safer LLMs

TL;DR

This paper identifies vulnerabilities in large language models related to function-calling exploits, introduces a new security benchmark, and proposes a context-aware hierarchical learning method to improve model robustness against such attacks.

Contribution

The paper introduces the Tool-Completion Attack vulnerability, the Tool-Completion benchmark for security assessment, and the Context-Aware Hierarchical Learning mechanism to enhance LLM safety.

Findings

LLMs are vulnerable to Tool-Completion Attacks with high success rates.

CAHL significantly improves robustness against adversarial attacks.

CAHL maintains performance on standard tasks while enhancing security.

Abstract

Large Language Models (LLMs) have emerged as powerful tools for diverse applications. However, their uniform token processing paradigm introduces critical vulnerabilities in instruction handling, particularly when exposed to adversarial scenarios. In this work, we identify and propose a novel class of vulnerabilities, termed Tool-Completion Attack (TCA), which exploits function-calling mechanisms to subvert model behavior. To evaluate LLM robustness against such threats, we introduce the Tool-Completion benchmark, a comprehensive security assessment framework, which reveals that even state-of-the-art models remain susceptible to TCA, with surprisingly high attack success rates. To address these vulnerabilities, we introduce Context-Aware Hierarchical Learning (CAHL), a sophisticated mechanism that dynamically balances semantic comprehension with role-specific instruction constraints. CAHL leverages the contextual correlations between different instruction segments to establish a robust, context-aware instruction hierarchy. Extensive experiments demonstrate that CAHL significantly enhances LLM robustness against both conventional attacks and the proposed TCA, exhibiting strong generalization capabilities in zero-shot evaluations while still preserving model performance on generic tasks. Our code is available at https://github.com/S2AILab/CAHL.