Safer Policy Compliance with Dynamic Epistemic Fallback
Joseph Marvin Imperial, Harish Tayyar Madabushi
TL;DR
Dynamic Epistemic Fallback (DEF) is an inference-time safety protocol that uses short prompt cues to trigger epistemic vigilance in LLMs when policy texts in prompts may be perturbed. It distinguishes prompt policy from memorized policy and relies on a memory-prioritization cue to recall the correct version. Across GDPR and HIPAA datasets and frontier LLMs, DEF improves detection and refusal rates, with memory-prioritization delivering the strongest gains and enabling recovery of accuracy lost to perturbations, while preserving performance on correct policies. The work argues for cognitively inspired defenses as practical safeguards for high-stakes AI systems and generalizes to other normative artifacts and domains.
Abstract
Humans develop a series of cognitive defenses, known as epistemic vigilance, to combat risks of deception and misinformation from everyday interactions. Developing safeguards for LLMs inspired by this mechanism might be particularly helpful for their application in high-stakes tasks such as automating compliance with data privacy laws. In this paper, we introduce Dynamic Epistemic Fallback (DEF), a dynamic safety protocol for improving an LLM's inference-time defenses against deceptive attacks that make use of maliciously perturbed policy texts. Through various levels of one-sentence textual cues, DEF nudges LLMs to flag inconsistencies, refuse compliance, and fallback to their parametric knowledge upon encountering perturbed policy texts. Using globally recognized legal policies such as HIPAA and GDPR, our empirical evaluations report that DEF effectively improves the capability of frontier LLMs to detect and refuse perturbed versions of policies, with DeepSeek-R1 achieving a 100% detection rate in one setting. This work encourages further efforts to develop cognitively inspired defenses to improve LLM robustness against forms of harm and deception that exploit legal artifacts.
