Curiosity-driven Red-teaming for Large Language Models
- URL: http://arxiv.org/abs/2402.19464v1
- Date: Thu, 29 Feb 2024 18:55:03 GMT
- Title: Curiosity-driven Red-teaming for Large Language Models
- Authors: Zhang-Wei Hong, Idan Shenfeld, Tsun-Hsuan Wang, Yung-Sung Chuang, Aldo
Pareja, James Glass, Akash Srivastava, Pulkit Agrawal
- Abstract summary: Large language models (LLMs) hold great potential for many natural language applications but risk generating incorrect or toxic content.
relying solely on human testers is expensive and time-consuming.
Our method of curiosity-driven red teaming (CRT) achieves greater coverage of test cases while mantaining or increasing their effectiveness compared to existing methods.
- Score: 43.448044721642916
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Large language models (LLMs) hold great potential for many natural language
applications but risk generating incorrect or toxic content. To probe when an
LLM generates unwanted content, the current paradigm is to recruit a
\textit{red team} of human testers to design input prompts (i.e., test cases)
that elicit undesirable responses from LLMs. However, relying solely on human
testers is expensive and time-consuming. Recent works automate red teaming by
training a separate red team LLM with reinforcement learning (RL) to generate
test cases that maximize the chance of eliciting undesirable responses from the
target LLM. However, current RL methods are only able to generate a small
number of effective test cases resulting in a low coverage of the span of
prompts that elicit undesirable responses from the target LLM. To overcome this
limitation, we draw a connection between the problem of increasing the coverage
of generated test cases and the well-studied approach of curiosity-driven
exploration that optimizes for novelty. Our method of curiosity-driven red
teaming (CRT) achieves greater coverage of test cases while mantaining or
increasing their effectiveness compared to existing methods. Our method, CRT
successfully provokes toxic responses from LLaMA2 model that has been heavily
fine-tuned using human preferences to avoid toxic outputs. Code is available at
\url{https://github.com/Improbable-AI/curiosity_redteam}
Related papers
- Output Scouting: Auditing Large Language Models for Catastrophic Responses [1.5703117863274307]
Recent high profile incidents in which the use of Large Language Models (LLMs) resulted in significant harm to individuals have brought about a growing interest in AI safety.
One reason LLM safety issues occur is that models often have at least some non-zero probability of producing harmful outputs.
We propose output scouting: an approach that aims to generate semantically fluent outputs to a given prompt matching any target probability distribution.
arXiv Detail & Related papers (2024-10-04T18:18:53Z) - Are you still on track!? Catching LLM Task Drift with Activations [55.75645403965326]
Task drift allows attackers to exfiltrate data or influence the LLM's output for other users.
We show that a simple linear classifier can detect drift with near-perfect ROC AUC on an out-of-distribution test set.
We observe that this approach generalizes surprisingly well to unseen task domains, such as prompt injections, jailbreaks, and malicious instructions.
arXiv Detail & Related papers (2024-06-02T16:53:21Z) - CyberSecEval 2: A Wide-Ranging Cybersecurity Evaluation Suite for Large Language Models [6.931433424951554]
Large language models (LLMs) introduce new security risks, but there are few comprehensive evaluation suites to measure and reduce these risks.
We present BenchmarkName, a novel benchmark to quantify LLM security risks and capabilities.
We evaluate multiple state-of-the-art (SOTA) LLMs, including GPT-4, Mistral, Meta Llama 3 70B-Instruct, and Code Llama.
arXiv Detail & Related papers (2024-04-19T20:11:12Z) - Gradient-Based Language Model Red Teaming [9.972783485792885]
Red teaming is a strategy for identifying weaknesses in generative language models (LMs)
Red teaming is instrumental for both model alignment and evaluation, but is labor-intensive and difficult to scale when done by humans.
We present Gradient-Based Red Teaming (GBRT), a red teaming method for automatically generating diverse prompts that are likely to cause an LM to output unsafe responses.
arXiv Detail & Related papers (2024-01-30T01:19:25Z) - LMRL Gym: Benchmarks for Multi-Turn Reinforcement Learning with Language
Models [56.25156596019168]
This paper introduces the LMRL-Gym benchmark for evaluating multi-turn RL for large language models (LLMs)
Our benchmark consists of 8 different language tasks, which require multiple rounds of language interaction and cover a range of tasks in open-ended dialogue and text games.
arXiv Detail & Related papers (2023-11-30T03:59:31Z) - Learning from Red Teaming: Gender Bias Provocation and Mitigation in
Large Language Models [43.44112117935541]
Large language models (LLMs) encode potential biases while retaining disparities that can harm humans during interactions.
We propose a first-of-its-kind method that automatically generates test cases to detect LLMs' potential gender bias.
To address the biases identified, we propose a mitigation strategy that uses the generated test cases as demonstrations for in-context learning.
arXiv Detail & Related papers (2023-10-17T08:56:04Z) - LaGR-SEQ: Language-Guided Reinforcement Learning with Sample-Efficient
Querying [71.86163159193327]
Large language models (LLMs) have recently demonstrated their impressive ability to provide context-aware responses via text.
This ability could potentially be used to predict plausible solutions in sequential decision making tasks pertaining to pattern completion.
We introduce LaGR, which uses this predictive ability of LLMs to propose solutions to tasks that have been partially completed by a primary reinforcement learning (RL) agent.
arXiv Detail & Related papers (2023-08-21T02:07:35Z) - Allies: Prompting Large Language Model with Beam Search [107.38790111856761]
In this work, we propose a novel method called ALLIES.
Given an input query, ALLIES leverages LLMs to iteratively generate new queries related to the original query.
By iteratively refining and expanding the scope of the original query, ALLIES captures and utilizes hidden knowledge that may not be directly through retrieval.
arXiv Detail & Related papers (2023-05-24T06:16:44Z) - Check Your Facts and Try Again: Improving Large Language Models with
External Knowledge and Automated Feedback [127.75419038610455]
Large language models (LLMs) are able to generate human-like, fluent responses for many downstream tasks.
This paper proposes a LLM-Augmenter system, which augments a black-box LLM with a set of plug-and-play modules.
arXiv Detail & Related papers (2023-02-24T18:48:43Z) - Red Teaming Language Models with Language Models [8.237872606555383]
Language Models (LMs) often cannot be deployed because of their potential to harm users in hard-to-predict ways.
Prior work identifies harmful behaviors before deployment by using human annotators to hand-write test cases.
In this work, we automatically find cases where a target LM behaves in a harmful way, by generating test cases ("red teaming") using another LM.
arXiv Detail & Related papers (2022-02-07T15:22:17Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.