Safety Targeted Embedding Exploit via Refinement

· Source: Artificial Intelligence · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy · Depth: Expert, quick

Summary

STEER (Safety Targeted Embedding Exploit via Refinement) is a gradient-guided attack designed to expose vulnerabilities in large language models (LLMs) whose safety training is predominantly in English. This method identifies words strongly contributing to a model's refusal behavior and iteratively translates them into low-resource languages, effectively suppressing safety mechanisms while preserving harmful intent. The research demonstrates that this creates an epistemic gap, allowing models to confidently generate harmful responses for inputs outside their safety training distribution. Across six open-source 8B-parameter models, STEER achieved attack success rates up to 93.0% on JailbreakBench and 96.7% on AdvBench, outperforming other methods. The resulting prompts also transferred to GPT-4o-mini with a 35.5% success rate, indicating a fundamental weakness not specific to a single architecture.

Key takeaway

For AI Security Engineers or teams deploying multilingual LLMs, this research highlights a critical flaw: current English-centric safety alignment is insufficient. You must broaden safety coverage during alignment and implement explicit mechanisms to detect and abstain from out-of-distribution multilingual inputs. Relying solely on English safety training leaves your models vulnerable to sophisticated jailbreak attacks, even against black-box systems like GPT-4o-mini.

Key insights

English-centric LLM safety training creates exploitable vulnerabilities in multilingual and code-switching contexts.

Principles

Method

STEER identifies refusal-contributing words via gradients, iteratively translating them into low-resource languages to suppress refusal while preserving harmful intent.

In practice

Topics

Best for: CTO, VP of Engineering/Data, Director of AI/ML, AI Scientist, AI Security Engineer

Related on AIssential

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by Artificial Intelligence.