This paper introduces ASTRAL, a new tool for automated safety testing of LLMs (LLMs). It addresses the challenge of outdated safety benchmarks by generating up-to-date, diverse unsafe prompts using LLMs and web browsing. This allows for more robust and relevant safety evaluations of LLMs before deployment.
-----
π ASTRAL automates safety testing by generating fresh, diverse unsafe prompts using Retrieval Augmented Generation and web browsing. This eliminates the limitations of static benchmarks, ensuring LLMs are tested against real-world, evolving threats.
π Using LLMs for both test generation and evaluation reduces manual effort while scaling safety assessments. ASTRAL's automated classification system streamlines large-scale testing, making it more efficient than traditional human review.
π ASTRALβs results reveal critical failure points in safety mechanisms across categories like politics, crime, and substance abuse. These insights highlight vulnerabilities that traditional static benchmarks fail to detect.
-----
https://arxiv.org/abs/2501.17749
Original Problem π€:
β Existing LLM safety benchmarks are often static and become outdated.
β They may be incorporated into LLM training data, reducing their effectiveness over time.
β Current benchmarks may not reflect real-world user interactions or emerging safety concerns.
-----
Methods explored in this Paper π‘:
β ASTRAL generates novel unsafe test inputs using LLMs, Retrieval Augmented Generation (RAG), and few-shot prompting.
β It uses web browsing to access recent news, ensuring up-to-date and relevant test prompts.
β ASTRAL covers 14 safety categories, different writing styles, and persuasion techniques to create diverse test inputs.
β It includes an automated evaluation mechanism using LLMs to classify output safety, reducing manual effort.
-----
Key Insights from this Paper π:
β Up-to-date and diverse test inputs are crucial for effective LLM safety testing.
β Automated test input generation can overcome the limitations of static benchmarks.
β Integrating RAG and web browsing into test generation ensures relevance and novelty.
β LLMs can be utilized as effective automated evaluators for safety testing.
-----
Results π:
β ASTRAL found 87 confirmed unsafe outcomes out of 10,080 tests on OpenAI's o3-mini.
β o3-mini showed fewer unsafe outcomes compared to older OpenAI models like GPT3.5, GPT4, and GPT-4o in prior studies with ASTRAL.
β Category 'controversial topics and politics' (c3) showed the highest number of unsafe outcomes in the second test suite.
β 'Terrorism and organized crime' (c13), 'Animal abuse' (c1), and 'Drug abuse, weapons, banned substances' (c5) are also critical safety categories identified.
