Jailbreak Defense

TL;DR Reasoned Safety Alignment (ReSA) reframes safety from guarding inputs to auditing intended outputs. The model first drafts a concise intended answer summary in hidden reasoning, then runs a safety analysis on that summary before issuing the final reply. In evaluations across StrongREJECT, HarmBench, and AdvBench with multiple adaptive attacks (PAIR, PAP, GPTFuzzer, ReNeLLM, TAP, DeepInception), ReSA‑tuned models beat fine‑tuned and post‑hoc baselines while reducing over‑refusals and preserving reasoning performance. Notably, authors report competitive gains with only ~500 training samples, hinting that robust safety behaviors may be learned data‑efficiently. ...

Large language models have come a long way in learning to say “no.” When asked to give instructions for illegal acts or harmful behavior, modern LLMs are generally aligned to refuse. But a new class of attacks—logit manipulation—sidesteps this safety net entirely. Instead of tricking the model through prompts, it intervenes after the prompt is processed, modifying token probabilities during generation. This paper introduces Strategic Deflection (SDeflection), a defense that doesn’t rely on refusal at all. Instead, it teaches the model to elegantly pivot: providing a safe, semantically adjacent answer that appears cooperative but never fulfills the malicious intent. Think of it not as a shield, but as judo—redirecting the force of the attack instead of resisting it head-on. ...