Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

A Self-Improving Architecture for Dynamic Safety in Large Language Models

Tyler Slater

TL;DR

The paper addresses the inadequacy of static safety patterns for AI-enabled software by proposing the Self-Improving Safety Framework (SISF), a runtime, self-adaptive architecture that autonomously detects breaches and synthesizes generalized safety policies. By coupling an unprotected base LLM with a high-accuracy Adjudicator and a Policy Synthesis Module within an asynchronous learning loop, SISF demonstrates a measurable learning curve, reducing Attack Success Rate from 100% to 4.58% (reported as 45.58% ASR on AdvBench) and achieving a 0% False Positive Rate on a benign dataset, after synthesizing 234 policies (mixed heuristic and embedding-based). The results support the viability of continuous, automated safety adaptation at runtime, offering a practical pathway toward robust, scalable, self-healing AI systems, while highlighting costs, latency considerations, and the need for broader benchmarking. Future work includes evaluating generalizability across additional models and attack classes, and refining baselines to enable direct comparisons with state-of-the-art static defenses.

Abstract

Context: The integration of Large Language Models (LLMs) into core software systems is accelerating. However, existing software architecture patterns are static, while current safety assurance methods are not scalable, leaving systems vulnerable to novel adversarial threats. Objective: To design, implement, and evaluate a novel software architecture that enables an AI-driven system to autonomously and continuously adapt its own safety protocols at runtime. Method: We propose the Self-Improving Safety Framework (SISF), a runtime architecture that couples an unprotected, unaligned base LLM (mistralai/Mistral-7B-v0.1) with a dynamic feedback loop. This loop consists of an AI Adjudicator (GPT-4o) for breach detection and a Policy Synthesis Module (GPT-4 Turbo) that autonomously generates new, generalized safety policies (both heuristic and semantic) in response to failures. Results: We conducted a dynamic learning evaluation using the 520-prompt AdvBench dataset. The unprotected model was 100% vulnerable. Our SISF, starting from zero policies, demonstrated a clear learning curve: it detected 237 breaches, autonomously synthesized 234 new policies, and reduced the overall Attack Success Rate (ASR) to 45.58%. In a subsequent test on 520 benign prompts, the SISF achieved a 0.00% False Positive Rate (FPR), proving its ability to adapt without compromising user utility. Conclusion: An architectural approach to AI safety, based on the principles of self-adaptation, is a viable and effective strategy. Our framework demonstrates a practical path towards building more robust, resilient, and scalable AI-driven systems, shifting safety assurance from a static, pre-deployment activity to an automated, runtime process.

A Self-Improving Architecture for Dynamic Safety in Large Language Models

TL;DR

The paper addresses the inadequacy of static safety patterns for AI-enabled software by proposing the Self-Improving Safety Framework (SISF), a runtime, self-adaptive architecture that autonomously detects breaches and synthesizes generalized safety policies. By coupling an unprotected base LLM with a high-accuracy Adjudicator and a Policy Synthesis Module within an asynchronous learning loop, SISF demonstrates a measurable learning curve, reducing Attack Success Rate from 100% to 4.58% (reported as 45.58% ASR on AdvBench) and achieving a 0% False Positive Rate on a benign dataset, after synthesizing 234 policies (mixed heuristic and embedding-based). The results support the viability of continuous, automated safety adaptation at runtime, offering a practical pathway toward robust, scalable, self-healing AI systems, while highlighting costs, latency considerations, and the need for broader benchmarking. Future work includes evaluating generalizability across additional models and attack classes, and refining baselines to enable direct comparisons with state-of-the-art static defenses.

Abstract

Context: The integration of Large Language Models (LLMs) into core software systems is accelerating. However, existing software architecture patterns are static, while current safety assurance methods are not scalable, leaving systems vulnerable to novel adversarial threats. Objective: To design, implement, and evaluate a novel software architecture that enables an AI-driven system to autonomously and continuously adapt its own safety protocols at runtime. Method: We propose the Self-Improving Safety Framework (SISF), a runtime architecture that couples an unprotected, unaligned base LLM (mistralai/Mistral-7B-v0.1) with a dynamic feedback loop. This loop consists of an AI Adjudicator (GPT-4o) for breach detection and a Policy Synthesis Module (GPT-4 Turbo) that autonomously generates new, generalized safety policies (both heuristic and semantic) in response to failures. Results: We conducted a dynamic learning evaluation using the 520-prompt AdvBench dataset. The unprotected model was 100% vulnerable. Our SISF, starting from zero policies, demonstrated a clear learning curve: it detected 237 breaches, autonomously synthesized 234 new policies, and reduced the overall Attack Success Rate (ASR) to 45.58%. In a subsequent test on 520 benign prompts, the SISF achieved a 0.00% False Positive Rate (FPR), proving its ability to adapt without compromising user utility. Conclusion: An architectural approach to AI safety, based on the principles of self-adaptation, is a viable and effective strategy. Our framework demonstrates a practical path towards building more robust, resilient, and scalable AI-driven systems, shifting safety assurance from a static, pre-deployment activity to an automated, runtime process.

Paper Structure

This paper contains 27 sections, 5 figures, 2 algorithms.

Table of Contents

  1. Introduction
  2. Related Work
  3. The Core Threat: The Anatomy of Modern LLM Jailbreaks
  4. The First Line of Defense: Static and Training-Time Methods
  5. The Elite Infiltrators: The Practice of Manual Red Teaming
  6. The Next Generation: Towards Automated, Adaptive Defense
  7. The Research Gap
  8. The Self-Improving Safety Framework (SISF)
  9. Architectural Paradigm: Continuous Self-Adaptation
  10. SISF Reference Architecture
  11. The Asynchronous Adaptive Mechanism
  12. Experiments and Results
  13. Experimental Setup
  14. Target LLM
  15. Datasets
  16. ...and 12 more sections

Figures (5)

  • Figure 1: The reference architecture of the Self-Improving Safety Framework (SISF). It illustrates the two primary data flows: (1) the synchronous, external user-facing /v1/chat endpoint, and (2) the asynchronous, internal learning loop, which activates the full Adjudicator-PSM process. The Streamlit-based Oversight Interface provides HITL control by communicating with the API's /v1/policies endpoints.
  • Figure 2: A taxonomy of modern LLM jailbreak techniques, categorizing exploits from simple syntactic obfuscation to complex semantic and persona-based attacks.
  • Figure 3: The SISF's dynamic learning curve over 520 adversarial cycles. The Attack Success Rate (red line, left axis) shows a clear downward trend as the number of autonomously generated policies (blue dashed line, right axis) increases.
  • Figure 4: Comparative Attack Success Rate (ASR) of defense architectures on the AdvBench dataset. Lower is better.
  • Figure 5: Comparative False Positive Rate (FPR) of defense architectures on the HH-RLHF benign dataset. Lower is better.