The reviewed record of science sign in
Pith

arxiv: 2404.05993 · v2 · pith:YEJU657K · submitted 2024-04-09 · cs.LG · cs.CL· cs.CY

AEGIS: Online Adaptive AI Content Safety Moderation with Ensemble of LLM Experts

Reviewed by Pith T0 review T1 audit T2 compute T3 formal T4 kernel pith:YEJU657Krecord.jsonopen to challenge →

classification cs.LG cs.CLcs.CY
keywords safetycontentmodelsdatasetriskaegisaegissafetydatasetcategories
0
0 comments X
read the original abstract

As Large Language Models (LLMs) and generative AI become more widespread, the content safety risks associated with their use also increase. We find a notable deficiency in high-quality content safety datasets and benchmarks that comprehensively cover a wide range of critical safety areas. To address this, we define a broad content safety risk taxonomy, comprising 13 critical risk and 9 sparse risk categories. Additionally, we curate AEGISSAFETYDATASET, a new dataset of approximately 26, 000 human-LLM interaction instances, complete with human annotations adhering to the taxonomy. We plan to release this dataset to the community to further research and to help benchmark LLM models for safety. To demonstrate the effectiveness of the dataset, we instruction-tune multiple LLM-based safety models. We show that our models (named AEGISSAFETYEXPERTS), not only surpass or perform competitively with the state-of-the-art LLM-based safety models and general purpose LLMs, but also exhibit robustness across multiple jail-break attack categories. We also show how using AEGISSAFETYDATASET during the LLM alignment phase does not negatively impact the performance of the aligned models on MT Bench scores. Furthermore, we propose AEGIS, a novel application of a no-regret online adaptation framework with strong theoretical guarantees, to perform content moderation with an ensemble of LLM content safety experts in deployment

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 23 Pith papers

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. SafePyramid: A Hierarchical Benchmark for In-context Policy Guardrailing

    cs.AI 2026-06 unverdicted novelty 7.0

    SafePyramid is a three-level benchmark showing frontier LLMs identify all violated rules in only 54.0%, 35.3%, and 12.9% of cases on L0, L1, and L2 respectively, indicating in-context policy guardrailing remains difficult.

  2. DT-Guard: Intent-Driven Reasoning-Active Training for Reasoning-Free LLM Safety Guardrail

    cs.AI 2026-07 conditional novelty 6.0

    A 4B LLM safety guardrail trained with reasoning supervision but deployed with reasoning-free inference outperforms 8B baselines on safety benchmarks.

  3. Robust Harmful Features Under Jailbreak Attacks: Mechanistic Evidence from Attention Head Specialization in Large Language Models

    cs.CR 2026-06 unverdicted novelty 6.0

    Jailbreak attacks suppress Adversarially Compromised Heads in early layers but leave Safety-Aligned Heads robust in mid-layers, enabling competitive detection from persistent activations.

  4. When Behavioral Safety Evaluation Fails: A Representation-Level Perspective

    cs.LG 2026-06 unverdicted novelty 6.0

    Behavioral safety metrics for LLMs are insufficient because models can maintain safe outputs while remaining vulnerable to latent-space interventions, as shown via dissociated models and the new Latent Vulnerability Score.

  5. TRACE: Trajectory Risk-Aware Compression for Long-Horizon Agent Safety

    cs.AI 2026-05 unverdicted novelty 6.0

    TRACE introduces a trajectory-level compression method using a Compressor-Reader pair that improves safety detection accuracy by up to 12.6 percentage points on ASSEBench, Pre-Ex-Bench, and R-Judge while degrading les...

  6. Compositional Jailbreaking: An Empirical Analysis of Mutator Chain Interactions in Aligned LLMs

    cs.CR 2026-05 unverdicted novelty 6.0

    Systematic evaluation of all ordered pairs among twelve jailbreak mutators on harmful prompts reveals mostly destructive interference but some synergistic combinations that raise success rates on three LLMs.

  7. From Parameter Dynamics to Risk Scoring : Quantifying Sample-Level Safety Degradation in LLM Fine-tuning

    cs.AI 2026-05 unverdicted novelty 6.0

    Benign fine-tuning drifts LLM parameters toward danger directions; SQSD scores each sample by the projection difference of its induced update onto safety versus danger vectors.

  8. LLM Safety From Within: Detecting Harmful Content with Internal Representations

    cs.AI 2026-04 unverdicted novelty 6.0

    SIREN identifies safety neurons via linear probing on internal LLM layers and combines them with adaptive weighting to detect harm, outperforming prior guard models with 250x fewer parameters.

  9. Semantic Intent Fragmentation: A Single-Shot Compositional Attack on Multi-Agent AI Pipelines

    cs.CR 2026-04 unverdicted novelty 6.0

    A single legitimate request can cause LLM orchestrators to output plans that violate security policies through the composition of benign subtasks, bypassing subtask-level checks.

  10. Disentangled Safety Adapters Enable Efficient Guardrails and Flexible Inference-Time Alignment

    cs.LG 2025-05 unverdicted novelty 6.0

    Disentangled Safety Adapters decouple safety computations from task-optimized LLMs via lightweight adapters, yielding up to 53% better AUC on safety tasks and dynamic inference-time alignment with reduced performance ...

  11. Peering Behind the Shield: Guardrail Identification in Large Language Models

    cs.CR 2025-02 unverdicted novelty 6.0

    AP-Test identifies deployed guardrails in LLMs via adversarial prompt testing and a match score metric, reporting perfect accuracy on four open-source guardrails.

  12. WildGuard: Open One-Stop Moderation Tools for Safety Risks, Jailbreaks, and Refusals of LLMs

    cs.CL 2024-06 conditional novelty 6.0

    WildGuard is a new open moderation model and dataset for LLM safety that identifies harmful prompts, risky responses, and refusal rates, achieving SOTA open-source performance and sometimes exceeding GPT-4 while cutti...

  13. Robust Harmful Features Under Jailbreak Attacks: Mechanistic Evidence from Attention Head Specialization in Large Language Models

    cs.CR 2026-06 unverdicted novelty 5.0

    Jailbreak attacks suppress Adversarially Compromised Heads in early layers but leave Safety-Aligned Heads active in mid-layers, producing robust harmful features usable for competitive training-free detection.

  14. Yuvion LLM: An Adversarially-Aware Large Language Model for Content And AI Safety

    cs.CL 2026-06 unverdicted novelty 5.0

    Yuvion LLM applies adversarially aware training and introduces the YLRE benchmark set, claiming superior safety robustness over larger models on multiple tasks.

  15. Yuvion VL: A Multimodal Foundation Model for Adversarial Content and AI Safety

    cs.CV 2026-06 unverdicted novelty 5.0

    Yuvion VL is a multimodal LLM family using adversarial-aware data construction, three-stage training, and contrastive fine-tuning that claims industry-leading safety performance on new benchmarks while retaining gener...

  16. Epistemic Injustice in Language Models: An Audit of Pretraining Filters and Guardrails

    cs.CL 2026-06 unverdicted novelty 5.0

    An audit finds language model filters and guardrails disproportionately suppress mentions of marginalized groups via lexical cues while failing to catch explicit harms.

  17. ConsisGuard: Aligning Safety Deliberation with Policy Enforcement in LLM Guardrails

    cs.CL 2026-05 unverdicted novelty 5.0

    ConsisGuard is a consistency-aware framework that applies Policy-to-Decision Trajectory Distillation and Functional Coupling Alignment to improve policy execution consistency in reasoning-based LLM guardrails on harmf...

  18. Cross-Lingual Jailbreak Detection via Semantic Codebooks

    cs.CL 2026-04 unverdicted novelty 5.0

    Semantic similarity to an English jailbreak codebook detects cross-lingual attacks with high accuracy on curated benchmarks but shows poor separability on diverse unsafe prompts.

  19. Guardian-as-an-Advisor: Advancing Next-Generation Guardian Models for Trustworthy LLMs

    cs.LG 2026-04 unverdicted novelty 5.0

    Guardian-as-an-Advisor prepends risk labels and explanations from a guardian model to queries, improving LLM safety compliance and reducing over-refusal while adding minimal compute overhead.

  20. Yuvion VL: A Multimodal Foundation Model for Adversarial Content and AI Safety

    cs.CV 2026-06 unverdicted novelty 4.0

    Yuvion VL is a multimodal foundation model trained with adversarial-aware data and contrastive fine-tuning that claims industry-leading safety performance on the authors' YVRE benchmarks while retaining general capabilities.

  21. Opir: Efficient Multi-Task Safety Classification for Toxicity, Jailbreaks, Hate Speech, and Harmful Content

    cs.LG 2026-05 unverdicted novelty 4.0

    Opir introduces efficient multi-task encoder models trained on a 996-category safety taxonomy that match or exceed larger baselines on most safety benchmarks while using under 100M parameters for edge variants.

  22. ShieldGemma: Generative AI Content Moderation Based on Gemma

    cs.CL 2024-07 unverdicted novelty 4.0

    ShieldGemma delivers a family of Gemma2-based classifiers that outperform Llama Guard and WildCard on public safety benchmarks while introducing a synthetic-data curation pipeline for safety tasks.

  23. Cosmos World Foundation Model Platform for Physical AI

    cs.CV 2025-01 unverdicted novelty 3.0

    The Cosmos platform supplies open-source pre-trained world models and supporting tools for building fine-tunable digital world simulations to train Physical AI.