Challenge: Existing approaches to defending against LLM backdoors rely on auxiliary models or safety-related datasets.
Approach: They propose a method which contrasts benign and poisoned settings to decompose feature vectors for steering without auxiliary models or datasets.
Outcome: The proposed method achieves better defense qualities than existing steering strategies.

Similar Papers

Detecting What Queries Seek: Steering LLM Safety with FFN Output Activation Monitoring (2026.acl-long)

Copied to clipboard

Challenge: Existing methods for detecting malicious queries rely on residual stream activations, resulting in limited discriminative power and unreliable interventions.
Approach: They propose to use feed-forward networks (FFNs) to generate more discriminative signals for intervention, since these activations more explicitly reflect the intent of a query.
Outcome: Experiments show that the proposed approach achieves state-of-the-art defense performance against various jailbreak attacks while maintaining the model's original performance on benign tasks.
Large Language Models Are Better Adversaries: Exploring Generative Clean-Label Backdoor Attacks Against Text Classifiers (2023.findings-emnlp)

Copied to clipboard

Challenge: Backdoor attacks manipulate model predictions by inserting malicious "poison" instances that contain a specific pattern or "trigger."
Approach: They propose an attack that inserts style-based triggers into training and test data by using a poison selection technique to improve the effectiveness of both LLMBkd and existing backdoor attacks.
Outcome: The proposed attack achieves high success rates across a wide range of styles with little effort and no model training.
Analysing the Safety Pitfalls of Steering Vectors (2026.findings-acl)

Copied to clipboard

Challenge: Activation steering has emerged as a powerful tool to shape LLM behaviour without the need for weight updates.
Approach: They propose to audit steering vectors obtained with Contrastive Activation Addition (CAA) and propose a mechanistic explanation for this finding.
Outcome: The proposed approach significantly improves the success rate of jailbreak attacks, with stronger amplification under simple template-based attacks.
Backdoor Collapse: Eliminating Unknown Threats Via Known Backdoor Aggregation In Language Models (2026.acl-long)

Copied to clipboard

Challenge: Existing defenses rely on impractical assumptions about trigger settings to mitigate backdoor attacks . a recent study found that small amounts of training data can systematically induce harmful behaviors in large language models.
Approach: They propose a backdoor defense framework that requires no prior knowledge of trigger settings . they use a two-stage process to aggregate backdoor representations and fine-tune recovery .
Outcome: The proposed defense reduces the average Attack Success Rate to 4.41% across multiple benchmarks . the proposed framework generalizes across different types of backdoors, confirming its robustness in practical deployment scenarios.
Towards Understanding Jailbreak Attacks in LLMs: A Representation Space Analysis (2024.emnlp-main)

Copied to clipboard

Challenge: Large language models (LLMs) are susceptible to a type of attack known as jailbreaking, which misleads LLMs to output harmful contents.
Approach: They propose to leverage hidden representations into existing jailbreak targets to move the attacks along the acceptance direction.
Outcome: The proposed methods are validated using the objective of existing jailbreak attacks.
When Backdoors Speak: Understanding LLM Backdoor Attacks Through Model-Generated Explanations (2025.acl-long)

Copied to clipboard

Challenge: Recent studies have shown that Large Language Models (LLMs) are susceptible to backdoor attacks, where triggers embedded in poisoned data can maliciously alter LLMs’ behaviors.
Approach: They propose to leverage LLMs' generative capabilities to generate human-readable explanations for their decisions, enabling direct comparisons between explanations of clean and poisoned data.
Outcome: The proposed model produces coherent explanations for clean inputs but logically flawed explanations on poisoned data.
Defending LLMs against Jailbreaking Attacks via Backtranslation (2024.findings-acl)

Copied to clipboard

Challenge: Recent advancement in large language models (LLMs) has shown their extensive applications and transformative potential to reshape people's lives.
Approach: They propose a method which uses backtranslation to infer an input prompt from an input input prompt and then run it again on the backtranslated prompt.
Outcome: The proposed method outperforms baselines and has little impact on the generation quality for benign input prompts.
Selective Steering: Norm-Preserving Control Through Discriminative Layer Selection (2026.findings-acl)

Copied to clipboard

Challenge: Existing methods for inference-time steering are limited by their limitations . Angular Steering violates norm preservation, causing distribution shift and generation collapse .
Approach: They propose a method that uses a norm-preserving rotation formulation to maintain activation distribution integrity and discriminative layer selection to apply steering only where features exhibit opposite-signed class alignment.
Outcome: Experiments show that Selective Steering achieves higher attack success rates than prior methods while maintaining zero perplexity violations and approximately 100% capability retention on standard benchmarks.
AdaSteer: Your Aligned LLM is Inherently an Adaptive Jailbreak Defender (2025.emnlp-main)

Copied to clipboard

Challenge: Activation steering offers training-free defense but relies on fixed steering coefficients, resulting in suboptimal protection and increased false rejections of benign inputs.
Approach: They propose an adaptive activation steering method that dynamically adjusts model behavior based on input characteristics.
Outcome: The proposed method outperforms baseline methods across multiple jailbreak attacks with minimal impact on utility.
Shifting Perspectives: Steering Vectors for Robust Bias Mitigation in LLMs (2026.findings-eacl)

Copied to clipboard

Challenge: Despite efforts to mitigate social bias in large language models, representational harms such as stereotyping continue to exist in both open and closed-source models.
Approach: They propose a method to modify model activations in forward passes by applying steering vectors to a BBQ dataset and comparing their results to bias mitigation methods.
Outcome: The proposed method outperforms 3 other bias mitigation methods on the BBQ dataset and shows the lowest impact on MMLU scores.

What is GenGO?

GenGO is an NLP powered publication search system. It currenctly indexes 30k+ papers from ACL Anthology, and implements multi-aspect summarization, semantic search, and more!

Information

About
Limitations