BarrierSteer: LLM Safety via Learning Barrier Steering

TL;DR

BarrierSteer introduces a safety framework for large language models that embeds learned safety constraints into the model's latent space, effectively reducing unsafe outputs without altering the original model.

Contribution

It proposes a novel safety mechanism using Control Barrier Functions in latent space, providing theoretical guarantees and practical effectiveness for LLM safety.

Findings

Significantly reduces adversarial attack success rates

Decreases unsafe content generation

Maintains original model performance

Abstract

Despite the state-of-the-art performance of large language models (LLMs) across diverse tasks, their susceptibility to adversarial attacks and unsafe content generation remains a major obstacle to deployment, particularly in high-stakes settings. Addressing this challenge requires safety mechanisms that are both practically effective and supported by rigorous theory. We introduce BarrierSteer, a novel framework that formalizes response safety by embedding learned non-linear safety constraints directly into the model's latent representation space. BarrierSteer employs a steering mechanism based on Control Barrier Functions (CBFs) to efficiently detect and prevent unsafe response trajectories during inference with high precision. By enforcing multiple safety constraints through efficient constraint merging, without modifying the underlying LLM parameters, BarrierSteer preserves the model's original capabilities and performance. We provide theoretical results establishing that applying CBFs in latent space offers a principled and computationally efficient approach to enforcing safety. Our experiments across multiple models and datasets show that BarrierSteer substantially reduces adversarial success rates, decreases unsafe generations, and outperforms existing methods.