Challenge: Existing safety alignment techniques for large language models (LLMs) struggle to balance harmlessness and usefulness.
Approach: They propose a safety-aware reflection-based reasoning framework that internalizes self-reflective reasoning and encourages reflection and correction.
Outcome: The proposed framework outperforms reasoning-based alignment methods in safety alignment.

Similar Papers

Self-Reflection Improves Safety of Large Reasoning Models (2026.findings-acl)

Copied to clipboard

Challenge: Existing safety alignment methods are shallow and do not address deeper risks and attacks in reasoning processes.
Approach: They propose a technique that introduces a special Self-Reflection token to enable LRMs to perform self-reflection during generation and recover from harmful outputs.
Outcome: The proposed approach outperforms the baseline model in terms of safety and helpfulness, and significantly improves model safety without adversarial training.
Reasoning-to-Defend: Safety-Aware Reasoning Can Defend Large Language Models from Jailbreaking (2025.emnlp-main)

Copied to clipboard

Challenge: Large Reasoning Models (LLMs) have demonstrated impressive performances across diverse domains, but how their safety benefits from enhanced reasoning capabilities against jailbreak queries remains unexplored.
Approach: They propose a safety-aware reasoning paradigm that integrates a pivot token-based safety-based reasoning mechanism into LLMs’ generation process.
Outcome: The proposed model improves the safety of large language models against jailbreak queries while minimizing attacks and maintaining the original performance.
More Thinking, Less Talking: Internalizing Deliberative Safety into LLM Parameters (2026.acl-long)

Copied to clipboard

Challenge: Existing safety alignment methods leave Large Language Models vulnerable to sophisticated jailbreak attacks.
Approach: They propose a safety reasoning internalization framework that internalizes safety reasoning into an implicit computational pathway using Low-Rank Adaptation (LoRA).
Outcome: The proposed framework achieves a 43% lower Attack Success Rate (ASR) against distinct jailbreak attacks compared to strong baselines.
Jailbreaks as Inference-Time Alignment: A Framework for Understanding Safety Failures in LLMs (2026.eacl-long)

Copied to clipboard

Challenge: Large language models are safety-aligned to prevent harmful response generation . prior work on jailbreak effectiveness has focused on analyzing success rate of jailbreaks .
Approach: They propose to frame jailbreaks as inference-time alignment and draw suboptimal bounds . they also propose a Safety-Net to measure how vulnerable an LLM is to jailbreak attacks .
Outcome: a new framework allows researchers to show how vulnerable an LLM is to jailbreaks . a Safety-Net measures how vulnerable the model is to attacks, the authors say .
On the Vulnerability of Safety Alignment in Open-Access LLMs (2024.findings-acl)

Copied to clipboard

Challenge: Large language models (LLMs) are susceptible to malicious exploitation, but are often rejected and limited harmfulness is limited.
Approach: They propose two types of reverse alignment techniques: reverse supervised fine-tuning (RSFT) and reverse preference optimization (RPO).
Outcome: The proposed methods can significantly enhance the success rate and harmfulness of jailbreak attacks, but they face high rejection rates and limited harmfulness.
Why Not Act on What You Know? Unleashing Safety Potential of LLMs via Self-Aware Guard Enhancement (2025.findings-acl)

Copied to clipboard

Challenge: Large Language Models (LLMs) have demonstrated impressive capabilities across various tasks but are vulnerable to meticulously crafted jailbreak attacks.
Approach: They propose a training-free defense strategy to align LLMs’ strong safety discrimination performance with their relatively weaker safety generation ability.
Outcome: The proposed strategy achieves an average 99% success rate against numerous complex and covert jailbreak methods while maintaining helpfulness on general benchmarks.
Why Safeguarded Ships Run Aground? Aligned Large Language Models’ Safety Mechanisms Tend to Be Anchored in The Template Region (2025.acl-long)

Copied to clipboard

Challenge: Infilling a fixed template between the input instruction and initial model output is a common practice for existing LLMs, but it is vulnerable to inference-time jailbreak attacks.
Approach: They propose to fill a fixed template between the input instruction and initial model output and to detach safety mechanisms from the template region to mitigate the risk of inference-time jailbreak attacks.
Outcome: The proposed method is widespread across aligned LLMs and shows that it mitigates inference-time jailbreak vulnerabilities.
When Models Outthink Their Safety: Unveiling and Mitigating Self-Jailbreak in Large Reasoning Models (2026.findings-acl)

Copied to clipboard

Challenge: Existing methods often apply coarse-grained constraints over entire reasoning trajectories . Existing approaches often apply unsafe constraints, causing unsafe outputs .
Approach: They propose a trajectory-level training framework that mitigates Self-Jailbreak . they propose 'chain-of-guardrail' to mitigate self-jailbreak by targeting step-level interventions .
Outcome: The proposed framework mitigates Self-Jailbreak by targeting step-level interventions while maintaining reasoning ability.
Defending Against Alignment-Breaking Attacks via Robustly Aligned LLM (2024.acl-long)

Copied to clipboard

Challenge: Large Language Models (LLMs) have made significant advancements but can be misused to generate harmful content.
Approach: They propose a Robustly Aligned LLM to defend against alignment-breaking attacks by retraining existing LLMs and using adversarial or handcrafted jailbreaking prompts.
Outcome: The proposed model reduces attack success rates from nearly 100% to around 10% or less.
Root Defense Strategies: Ensuring Safety of LLM at the Decoding Level (2025.acl-long)

Copied to clipboard

Challenge: Existing methods to detect harmful outputs from prefill-level lacks utilization of the model’s decoding outputs, leading to relatively lower effectiveness and robustness.
Approach: They propose a robust decoding mechanism that corrects harmful queries directly rather than rejecting them outright.
Outcome: The proposed model improves model security without compromising reasoning speed.

What is GenGO?

GenGO is an NLP powered publication search system. It currenctly indexes 30k+ papers from ACL Anthology, and implements multi-aspect summarization, semantic search, and more!

Information

About
Limitations