Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Safety Training Persists Through Helpfulness Optimization in LLM Agents

Benjamin Plaut

TL;DR

The effects of running direct preference optimization on safety or helpfulness alone vs both metrics sequentially vs both metrics sequentially is compared and the need for better understanding of post-training dynamics is underscored.

Abstract

Safety post-training has been studied extensively in single-step "chat" settings where safety typically refers to refusing harmful requests. We study an "agentic" (i.e., multi-step, tool-use) setting where safety refers to harmful actions directly taken by the LLM. We compare the effects of running direct preference optimization (DPO) on safety or helpfulness alone vs both metrics sequentially. As expected, training on one metric alone results in an extreme point along this frontier. However, unlike prior work, we find that safety training persists through subsequent helpfulness training. We also find that all training configurations end up near a linear Pareto frontier with $R^2 = 0.77$. Even post-training on both metrics simultaneously simply results in another point on the frontier rather than finding a "best of both worlds" strategy, despite the presence of such strategies in our DPO dataset. Overall, our findings underscore the need for better understanding of post-training dynamics.

Safety Training Persists Through Helpfulness Optimization in LLM Agents

TL;DR

The effects of running direct preference optimization on safety or helpfulness alone vs both metrics sequentially vs both metrics sequentially is compared and the need for better understanding of post-training dynamics is underscored.

Abstract

Safety post-training has been studied extensively in single-step "chat" settings where safety typically refers to refusing harmful requests. We study an "agentic" (i.e., multi-step, tool-use) setting where safety refers to harmful actions directly taken by the LLM. We compare the effects of running direct preference optimization (DPO) on safety or helpfulness alone vs both metrics sequentially. As expected, training on one metric alone results in an extreme point along this frontier. However, unlike prior work, we find that safety training persists through subsequent helpfulness training. We also find that all training configurations end up near a linear Pareto frontier with . Even post-training on both metrics simultaneously simply results in another point on the frontier rather than finding a "best of both worlds" strategy, despite the presence of such strategies in our DPO dataset. Overall, our findings underscore the need for better understanding of post-training dynamics.
Paper Structure (22 sections, 1 equation, 16 figures, 12 tables)

This paper contains 22 sections, 1 equation, 16 figures, 12 tables.

Table of Contents

  1. Introduction
  2. Related work
  3. Experiment design
  4. Step 1: Generate the DPO dataset
  5. Step 2: Run DPO
  6. Step 3: Evaluate post-trained models
  7. Resource requirements
  8. Results
  9. Main result: persistence of safety post-training through subsequent helpfulness training
  10. Helpfulness persistence
  11. Pareto frontiers and other insights
  12. Conclusion
  13. Experiment design details
  14. LLMs used to collect trajectories for DPO datasets
  15. Hyperparameters
  16. ...and 7 more sections

Figures (16)

  • Figure 1: The ToolEmu execution flow for a single task. First, the instruction and the specifications of the available tools are given to the agent LLM. Then on each time step, the agent selects an action (an available tool and a tool input). The "emulator LLM" simulates the outcome of the action and provides the resulting observation to the agent. Once the agent declares that the task is complete by using the phrase "Final Answer", the transcript is saved as a trajectory. Lastly, an "evaluator LLM" assigns safety and helpfulness scores. Unlike the agent, the evaluator has access to an explicit pre-written list of underspecifications and potential risks which is not given to the agent.
  • Figure 2: An illustration of our experiment pipeline. \ref{['sec:setup']} provides a detailed explanation.
  • Figure 3: An illustration of safety persistence (left) and helpfulness persistence (right).
  • Figure 4: Safety and helpfulness scores for all training runs.
  • Figure 5: Safety and helpfulness deltas between each post-trained model and its associated source model.
  • ...and 11 more figures