Thinking Twice Makes Large Language Models Safer and More Helpful (2026.findings-acl)
Copied to clipboard
| Challenge: | Existing safety alignment techniques for large language models (LLMs) struggle to balance harmlessness and usefulness. |
| Approach: | They propose a safety-aware reflection-based reasoning framework that internalizes self-reflective reasoning and encourages reflection and correction. |
| Outcome: | The proposed framework outperforms reasoning-based alignment methods in safety alignment. |
Similar Papers
Self-Reflection Improves Safety of Large Reasoning Models (2026.findings-acl)
Copied to clipboard
| Challenge: | Existing safety alignment methods are shallow and do not address deeper risks and attacks in reasoning processes. |
| Approach: | They propose a technique that introduces a special Self-Reflection token to enable LRMs to perform self-reflection during generation and recover from harmful outputs. |
| Outcome: | The proposed approach outperforms the baseline model in terms of safety and helpfulness, and significantly improves model safety without adversarial training. |
Reasoning-to-Defend: Safety-Aware Reasoning Can Defend Large Language Models from Jailbreaking (2025.emnlp-main)
Copied to clipboard
| Challenge: | Large Reasoning Models (LLMs) have demonstrated impressive performances across diverse domains, but how their safety benefits from enhanced reasoning capabilities against jailbreak queries remains unexplored. |
| Approach: | They propose a safety-aware reasoning paradigm that integrates a pivot token-based safety-based reasoning mechanism into LLMs’ generation process. |
| Outcome: | The proposed model improves the safety of large language models against jailbreak queries while minimizing attacks and maintaining the original performance. |
More Thinking, Less Talking: Internalizing Deliberative Safety into LLM Parameters (2026.acl-long)
Copied to clipboard
| Challenge: | Existing safety alignment methods leave Large Language Models vulnerable to sophisticated jailbreak attacks. |
| Approach: | They propose a safety reasoning internalization framework that internalizes safety reasoning into an implicit computational pathway using Low-Rank Adaptation (LoRA). |
| Outcome: | The proposed framework achieves a 43% lower Attack Success Rate (ASR) against distinct jailbreak attacks compared to strong baselines. |
Jailbreaks as Inference-Time Alignment: A Framework for Understanding Safety Failures in LLMs (2026.eacl-long)
Copied to clipboard
| Challenge: | Large language models are safety-aligned to prevent harmful response generation . prior work on jailbreak effectiveness has focused on analyzing success rate of jailbreaks . |
| Approach: | They propose to frame jailbreaks as inference-time alignment and draw suboptimal bounds . they also propose a Safety-Net to measure how vulnerable an LLM is to jailbreak attacks . |
| Outcome: | a new framework allows researchers to show how vulnerable an LLM is to jailbreaks . a Safety-Net measures how vulnerable the model is to attacks, the authors say . |
On the Vulnerability of Safety Alignment in Open-Access LLMs (2024.findings-acl)
Copied to clipboard
Jingwei Yi, Rui Ye, Qisi Chen, Bin Zhu, Siheng Chen, Defu Lian, Guangzhong Sun, Xing Xie, Fangzhao Wu
| Challenge: | Large language models (LLMs) are susceptible to malicious exploitation, but are often rejected and limited harmfulness is limited. |
| Approach: | They propose two types of reverse alignment techniques: reverse supervised fine-tuning (RSFT) and reverse preference optimization (RPO). |
| Outcome: | The proposed methods can significantly enhance the success rate and harmfulness of jailbreak attacks, but they face high rejection rates and limited harmfulness. |
Why Not Act on What You Know? Unleashing Safety Potential of LLMs via Self-Aware Guard Enhancement (2025.findings-acl)
Copied to clipboard
| Challenge: | Large Language Models (LLMs) have demonstrated impressive capabilities across various tasks but are vulnerable to meticulously crafted jailbreak attacks. |
| Approach: | They propose a training-free defense strategy to align LLMs’ strong safety discrimination performance with their relatively weaker safety generation ability. |
| Outcome: | The proposed strategy achieves an average 99% success rate against numerous complex and covert jailbreak methods while maintaining helpfulness on general benchmarks. |
Why Safeguarded Ships Run Aground? Aligned Large Language Models’ Safety Mechanisms Tend to Be Anchored in The Template Region (2025.acl-long)
Copied to clipboard
| Challenge: | Infilling a fixed template between the input instruction and initial model output is a common practice for existing LLMs, but it is vulnerable to inference-time jailbreak attacks. |
| Approach: | They propose to fill a fixed template between the input instruction and initial model output and to detach safety mechanisms from the template region to mitigate the risk of inference-time jailbreak attacks. |
| Outcome: | The proposed method is widespread across aligned LLMs and shows that it mitigates inference-time jailbreak vulnerabilities. |
When Models Outthink Their Safety: Unveiling and Mitigating Self-Jailbreak in Large Reasoning Models (2026.findings-acl)
Copied to clipboard
Yingzhi Mao, Chunkang Zhang, Junxiang Wang, Xinyan Guan, Boxi Cao, Yaojie Lu, Hongyu Lin, Xianpei Han, Le Sun
| Challenge: | Existing methods often apply coarse-grained constraints over entire reasoning trajectories . Existing approaches often apply unsafe constraints, causing unsafe outputs . |
| Approach: | They propose a trajectory-level training framework that mitigates Self-Jailbreak . they propose 'chain-of-guardrail' to mitigate self-jailbreak by targeting step-level interventions . |
| Outcome: | The proposed framework mitigates Self-Jailbreak by targeting step-level interventions while maintaining reasoning ability. |
Defending Against Alignment-Breaking Attacks via Robustly Aligned LLM (2024.acl-long)
Copied to clipboard
| Challenge: | Large Language Models (LLMs) have made significant advancements but can be misused to generate harmful content. |
| Approach: | They propose a Robustly Aligned LLM to defend against alignment-breaking attacks by retraining existing LLMs and using adversarial or handcrafted jailbreaking prompts. |
| Outcome: | The proposed model reduces attack success rates from nearly 100% to around 10% or less. |
Root Defense Strategies: Ensuring Safety of LLM at the Decoding Level (2025.acl-long)
Copied to clipboard
| Challenge: | Existing methods to detect harmful outputs from prefill-level lacks utilization of the model’s decoding outputs, leading to relatively lower effectiveness and robustness. |
| Approach: | They propose a robust decoding mechanism that corrects harmful queries directly rather than rejecting them outright. |
| Outcome: | The proposed model improves model security without compromising reasoning speed. |