
BarrierSteer: LLM Safety via Learning Barrier Steering

Thanh Q. Tran, Arun Verma, Kiwan Wong, Bryan Kian Hsiang Low, Daniela Rus, Wei Xiao

TL;DR

This work introduces BarrierSteer, a novel framework that formalizes response safety by embedding learned non-linear safety constraints directly into the model's latent representation space and provides theoretical results establishing that applying CBFs in latent space offers a principled and computationally efficient approach to enforcing safety.

Abstract

Despite the state-of-the-art performance of large language models (LLMs) across diverse tasks, their susceptibility to adversarial attacks and unsafe content generation remains a major obstacle to deployment, particularly in high-stakes settings. Addressing this challenge requires safety mechanisms that are both practically effective and supported by rigorous theory. We introduce BarrierSteer, a novel framework that formalizes response safety by embedding learned non-linear safety constraints directly into the model's latent representation space. BarrierSteer employs a steering mechanism based on Control Barrier Functions (CBFs) to efficiently detect and prevent unsafe response trajectories during inference with high precision. By enforcing multiple safety constraints through efficient constraint merging, without modifying the underlying LLM parameters, BarrierSteer preserves the model's original capabilities and performance. We provide theoretical results establishing that applying CBFs in latent space offers a principled and computationally efficient approach to enforcing safety. Our experiments across multiple models and datasets show that BarrierSteer substantially reduces adversarial success rates, decreases unsafe generations, and outperforms existing methods.

Paper Structure (20 sections, 2 theorems, 27 equations, 2 figures, 8 tables)

This paper contains 20 sections, 2 theorems, 27 equations, 2 figures, 8 tables.

Key Result

Theorem 1

Given a set of learned safety constraints $\{b_{k}(h)\geq \delta\}_{k=1}^K$, if the initial hidden state $h_0$ is in the safe set $\mathcal{C} = \{h \mid b_{k}(h) \geq \delta, k\in \{1,\dots,K\}\}$, then the BarrierSteer control obtained via the composing method eqn:compose ensures the state $h$ sta

Figures (2)

  • Figure 1: BarrierSteer for Safe LLMs. This method efficiently steers the hidden states of LLMs within nonlinear safe sets learned from demonstrations, thereby ensuring the generation of safe language responses at inference time.
  • Figure 2: Overview of BarrierSteer for safe LLM generation. BarrierSteer is a three-stage pipeline: (i) extracting intermediate latent representations from a pre-trained LLM and constructing an LLM-specific safety dataset with binary safety labels; (ii) learning expressive, non-linear safety constraints in the latent space; and (iii) enforcing these constraints at inference time via CBF-based steering to prevent unsafe generation trajectories, without modifying the underlying model parameters.
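
A toy version of the inference-time steering step in stage (iii), using the safe set $\{h \mid b_k(h) \geq \delta\}$ from Theorem 1, as an added example that is not the paper's code. The 2-D state, the ball-shaped barriers, the soft-min merge and the closed-form minimum-norm correction are assumptions standing in for the learned constraints and the paper's composing method, which this page does not reproduce.

```python
import math

# Constructed toy setup (assumptions, not values from the paper): a 2-D "latent
# state", K=2 non-linear barriers b_k(h) = ||h - c_k||^2 - r^2 (safe = outside
# each unsafe ball), and a fixed nominal update f standing in for the LLM.
CENTERS, RADIUS = [(2.0, 0.5), (2.0, -0.5)], 1.0
DELTA, ALPHA, BETA = 0.1, 0.5, 2.0   # safety margin, CBF decay rate, merge sharpness
F_NOMINAL, H0, STEPS = (0.25, 0.0), (0.0, 0.2), 20

def barriers(h):
    """Values b_k(h) and gradients grad b_k(h) for every constraint."""
    vals = [(h[0]-c[0])**2 + (h[1]-c[1])**2 - RADIUS**2 for c in CENTERS]
    grads = [(2*(h[0]-c[0]), 2*(h[1]-c[1])) for c in CENTERS]
    return vals, grads

def merged(h):
    """Soft-min merge: b(h) = -(1/BETA) log sum_k exp(-BETA b_k(h)) <= min_k b_k(h),
    so b(h) >= DELTA implies every b_k(h) >= DELTA."""
    vals, grads = barriers(h)
    lo = min(vals)                                  # shift for numerical stability
    e = [math.exp(-BETA * (v - lo)) for v in vals]
    z = sum(e)
    b = lo - math.log(z) / BETA
    g = tuple(sum(w / z * gk[i] for w, gk in zip(e, grads)) for i in range(2))
    return b, g

def steer(h, f):
    """Minimum-norm correction u so that grad b . (f + u) >= -ALPHA (b - DELTA)."""
    b, g = merged(h)
    slack = g[0]*f[0] + g[1]*f[1] + ALPHA * (b - DELTA)
    if slack >= 0:                      # nominal update already satisfies the condition
        return (0.0, 0.0)
    scale = -slack / (g[0]**2 + g[1]**2)
    return (scale * g[0], scale * g[1])

def rollout(use_steering):
    """Apply the nominal update STEPS times, optionally adding the correction."""
    h, traj = H0, [H0]
    for _ in range(STEPS):
        u = steer(h, F_NOMINAL) if use_steering else (0.0, 0.0)
        h = (h[0] + F_NOMINAL[0] + u[0], h[1] + F_NOMINAL[1] + u[1])
        traj.append(h)
    return traj

if __name__ == "__main__":
    for name, traj in (("nominal", rollout(False)), ("steered", rollout(True))):
        print(name, "min_k b_k over trajectory:",
              round(min(min(barriers(h)[0]) for h in traj), 3))
```

In this constructed setup the merged barrier is convex (BETA times the squared distance between the two centres is at most 2), so the first-order condition also holds for the discrete step. A learned barrier gives no such guarantee, so the value of b after each step should be checked as well.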

Theorems & Definitions (2)

  • Theorem 1
  • Theorem 1