Challenges and Remedies of Domain-Specific Classifiers as LLM Guardrails: Self-Harm as a Case Study (2025.naacl-industry)
Copied to clipboard
| Challenge: | Large Language Models (LLMs) have impressive capabilities in generating human-like text, but they pose significant risks in many domains and require guardrails throughout the lifecycle. |
| Approach: | They propose to use a self-harm detector to test the performance of LLM guardrails in real-world environments. |
| Outcome: | The proposed model performs poorly in open and closed domains and is almost unusable in the real world. |
Similar Papers
Guardrails and Security for LLMs: Safe, Secure and Controllable Steering of LLM Applications (2025.acl-tutorials)
Copied to clipboard
Traian Rebedea, Leon Derczynski, Shaona Ghosh, Makesh Narsimhan Sreedhar, Faeze Brahman, Liwei Jiang, Bo Li, Yulia Tsvetkov, Christopher Parisien, Yejin Choi
| Challenge: | Pretrained generative models provide novel ways for users to interact with computers. |
| Approach: | This tutorial provides an overview of key guardrail mechanisms developed for LLMs along with evaluation methodologies and a detailed security assessment protocol. |
| Outcome: | This tutorial provides an overview of key guardrail mechanisms developed for LLMs, along with evaluation methodologies and a detailed security assessment protocol. |
LS-Guard: Adaptive Safety Guardrails Tailored to Individual LLMs (2026.findings-acl)
Copied to clipboard
| Challenge: | Existing security guardrails built from static datasets ignore each model’s unique safety profile and often force trade-offs between safety and utility. |
| Approach: | They propose a framework for learning model-specific guardrails tailored to each LLM’s vulnerabilities. |
| Outcome: | The proposed framework significantly outperforms baseline guardrails on multiple real-world LLMs, achieving superior robustness, adaptability, and generalization. |
SELF-GUARD: Empower the LLM to Safeguard Itself (2024.naacl-long)
Copied to clipboard
| Challenge: | Recent studies have investigated methods to improve the safety of large language models (LLMs) safety training involves fine-tuning the LLM with adversarial samples, which activate the LRM’s capabilities against jailbreak. |
| Approach: | They propose a safety training approach that integrates safety training and safeguards to train the LLM to perform harmfulness detection on its own outputs. |
| Outcome: | The proposed method reduces harmful output and adds a [harmful] or [harmless] tag to the end of the LLM's response. |
MrGuard: A Multilingual Reasoning Guardrail for Universal LLM Safety (2025.emnlp-main)
Copied to clipboard
| Challenge: | Large Language Models (LLMs) are susceptible to adversarial attacks such as jailbreaking, which can elicit harmful or unsafe behaviors. |
| Approach: | They propose a multilingual guardrail with reasoning for prompt classification that integrates culturally and linguistically nuanced variants and supervised fine-tuning. |
| Outcome: | The proposed guardrail outperforms baselines across in-domain and out-of-domain languages by more than 15%. |
CodeGuard: Improving LLM Guardrails in CS Education (2026.findings-eacl)
Copied to clipboard
| Challenge: | Large language models (LLMs) are increasingly embedded in Computer Science classrooms to automate code generation, feedback, and assessment. |
| Approach: | They propose a guardrail framework for educational AI systems that can handle unsafe and irrelevant prompts. |
| Outcome: | The proposed framework reduces potentially harmful or policy-violating code completions by 30-65% without degrading performance on legitimate educational tasks. |
Evaluation of LLM Vulnerabilities to Being Misused for Personalized Disinformation Generation (2025.acl-long)
Copied to clipboard
Aneta Zugecova, Dominik Macko, Ivan Srba, Robert Moro, Jakub Kopál, Katarína Marcinčinová, Matúš Mesarčík
| Challenge: | Recent large language models generate disinformation news articles following predefined narratives . personalization and disinformation abilities of LLMs have not been studied . |
| Approach: | They evaluate the personalization and disinformation abilities of large language models . they find personalization reduces the safety-filter activations, thus effectively functioning as a jailbreak . |
| Outcome: | The proposed model generates disinformation news articles in english with the lowest quality of personalization. |
Characterizing Selective Refusal Bias in Large Language Models (2026.findings-acl)
Copied to clipboard
| Challenge: | a recent study shows that safety guardrails in large language models can inadvertently introduce or reflect new biases as they may refuse to generate harmful content targeting some demographic groups and not others. |
| Approach: | They examine the selective refusal bias in large language models by examining demographics and responses. |
| Outcome: | The proposed model fails to defend against an indirect attack on previously refused groups in 89% of the trials. |
Stumbling Blocks: Stress Testing the Robustness of Machine-Generated Text Detectors Under Attacks (2024.acl-long)
Copied to clipboard
| Challenge: | Existing studies on this topic focus on the robustness of specific detectors or particular attack methods. |
| Approach: | They stress test the detectors’ robustness to malicious attacks under realistic scenarios using LLMs and metric-based detectors. |
| Outcome: | The proposed methods are based on a set of LLM-based models and their performance is compared under different budget levels. |
AEGIS2.0: A Diverse AI Safety Dataset and Risks Taxonomy for Alignment of LLM Guardrails (2025.naacl-long)
Copied to clipboard
Shaona Ghosh, Prasoon Varshney, Makesh Narsimhan Sreedhar, Aishwarya Padmakumar, Traian Rebedea, Jibin Rajan Varghese, Christopher Parisien
| Challenge: | Existing safety-related content safety models are not well-suited for commercial use. |
| Approach: | They propose a taxonomy that can be used to categorize safety risks . it combines human annotations with a multi-LLM "jury" system to assess safety . they plan to open-source Aegis2.0 data and models to aid in safety guardrailing . |
| Outcome: | The proposed taxonomy can be used to assess the safety of human-LLM interactions . it can be trained on large, non-commercial datasets and is open-source . |
Do-Not-Answer: Evaluating Safeguards in LLMs (2024.findings-eacl)
Copied to clipboard
| Challenge: | a dataset evaluating harmful capabilities in large language models is available at https://github.com/Libr-AI/do-not-answer. |
| Approach: | They collect an open-source dataset to evaluate the safeguards in large language models . they find that simple BERT-style classifiers can achieve results comparable to GPT-4 . |
| Outcome: | The proposed dataset compares the safety of six popular LLMs to GPT-4 on automatic safety evaluation. |