Steering Externalities: Benign Activation Steering Unintentionally Increases Jailbreak Risk for Large Language Models

TL;DR

Activation steering in large language models, while useful for alignment, can unintentionally weaken safety measures and significantly increase vulnerability to jailbreak attacks, highlighting the need for careful safety auditing.

Contribution

This paper uncovers the phenomenon of Steering Externalities, demonstrating how benign activation steering can erode safety guardrails and elevate jailbreak risks in LLMs.

Findings

Steering vectors from benign datasets can erode safety guardrails.

Activation steering increases jailbreak success rates to over 80%.

Safety externalities are a critical blind spot in deployment.

Abstract

Activation steering is a practical post-training model alignment technique to enhance the utility of Large Language Models (LLMs). Prior to deploying a model as a service, developers can steer a pre-trained model toward specific behavioral objectives, such as compliance or instruction adherence, without the need for retraining. This process is as simple as adding a steering vector to the model's internal representations. However, this capability unintentionally introduces critical and under-explored safety risks. We identify a phenomenon termed Steering Externalities, where steering vectors derived from entirely benign datasets-such as those enforcing strict compliance or specific output formats like JSON-inadvertently erode safety guardrails. Experiments reveal that these interventions act as a force multiplier, creating new vulnerabilities to jailbreaks and increasing attack success rates to over 80% on standard benchmarks by bypassing the initial safety alignment. Ultimately, our results expose a critical blind spot in deployment: benign activation steering systematically erodes the "safety margin," rendering models more vulnerable to black-box attacks and proving that inference-time utility improvements must be rigorously audited for unintended safety externalities.