Auto-Tuning Safety Guardrails for Black-Box Large Language Models

TL;DR

This paper proposes treating safety guardrails for black-box large language models as hyperparameters, optimizing their configurations efficiently with black-box optimization to improve safety and robustness.

Contribution

It introduces a hyperparameter optimization approach for safety guardrails, demonstrating effective tuning with fewer evaluations compared to grid search.

Findings

Black-box optimization reliably finds optimal guardrail configurations.

Optimized guardrails require significantly less evaluation time.

Treating safety measures as hyperparameters enhances deployment safety.

Abstract

Large language models (LLMs) are increasingly deployed behind safety guardrails such as system prompts and content filters, especially in settings where product teams cannot modify model weights. In practice these guardrails are typically hand-tuned, brittle, and difficult to reproduce. This paper studies a simple but practical alternative: treat safety guardrail design itself as a hyperparameter optimization problem over a frozen base model. Concretely, I wrap Mistral-7B-Instruct with modular jailbreak and malware system prompts plus a ModernBERT-based harmfulness classifier, then evaluate candidate configurations on three public benchmarks covering malware generation, classic jailbreak prompts, and benign user queries. Each configuration is scored using malware and jailbreak attack success rate, benign harmful-response rate, and end-to-end latency. A 48-point grid search over prompt combinations and filter modes establishes a baseline. I then run a black-box Optuna study over the same space and show that it reliably rediscovers the best grid configurations while requiring an order of magnitude fewer evaluations and roughly 8x less wall-clock time. The results suggest that viewing safety guardrails as tunable hyperparameters is a feasible way to harden black-box LLM deployments under compute and time constraints.