Paper Reviews

2026

Fine-tuning Aligned Language Models Compromises Safety, Even When Users Do Not Intend To! (Shallow Alignment) — Qi et al. (2024), ICLR 2024

Overview image for Fine-tuning Aligned Language Models Compromises Safety, Even When Users Do Not Intend To! (Shallow Alignment) — Qi et al. (2024), ICLR 2024

4 minute read

Reviewed: February 26, 2026

importance-high llm-safety paper-review status-in-progress

📎 ICLR 2024 · arXiv:2310.03693 저자: Xiangyu Qi, Yi Zeng, Tinghao Xie, Pin-Yu Chen, Ruoxi Jia, Prateek Mittal, Peter Henderson 우리 논문과의 관계: early-k 결과의 이론적 근거. “alignment은 shallow하다”는 주장 → 우리가 “얼마나 shallow한지” 정량적 logit-level 증거를 제공.

SafeDecoding: Defending against Jailbreak Attacks via Safety-Aware Decoding — Xu et al. (2024), ACL 2024

4 minute read

Reviewed: February 26, 2026

importance-high llm-safety paper-review status-in-progress

📎 ACL 2024 · arXiv:2402.08983 저자: Zhangchen Xu, Fengqing Jiang, Luyao Niu, Jinyuan Jia, Bill Yuchen Lin, Radha Poovendran 우리 논문과의 관계: 우리의 ⁍가 실제 방어 시스템의 trigger로 활용될 수 있는 구체적 예시. SafeDecoding = “how to intervene”, 우리 = “when and where to intervene”.

Refusal Falls off a Cliff: How Safety Alignment Fails in Reasoning? — Yin et al. (2025), ICLR 2026 Withdrawn Submission

4 minute read

Reviewed: February 26, 2026

importance-high llm-safety paper-review status-in-progress

📎 arXiv:2510.06036 (ICLR 2026 Withdrawn Submission) 저자: Qingyu Yin, Chak Tou Leong, Linyi Yang, Wenxuan Huang, Wenjie Li, Xiting Wang, et al. 우리 논문과의 관계: 가장 직접적인 “temporal safety” 비교 대상. 그들은 reasoning chain 수준, 우리는 token generation 수준에서 temporal dynamics를…

Refusal in Language Models Is Mediated by a Single Direction — Arditi et al. (2024), NeurIPS 2024

4 minute read

Reviewed: February 26, 2026

importance-high llm-safety paper-review status-in-progress

📎 NeurIPS 2024 · arXiv:2406.11717 저자: Andy Arditi, Oscar Obeso, Aaquib Syed, Daniel Paleka, Nina Panickssery, Wes Gurnee, Neel Nanda 우리 논문과의 관계: Representation-level에서의 safety 분석. 우리의 temporal construct validity 실험에서 이 refusal direction과 $St$의 step별 상관을…

Logit-Gap Steering: Efficient Short-Suffix Jailbreaks for Aligned Large Language Models — Li & Liu (2025), arXiv

4 minute read

Reviewed: February 26, 2026

importance-high llm-safety paper-review status-in-progress

📎 arXiv:2506.24056 저자: Tung-Ling Li, Hongliang Liu 우리 논문과의 관계: 우리의 $St = \mu{cmp} - \mu{ref}$와 거의 동일한 logit-gap 정의를 공격에 사용. 우리는 진단에 사용. 같은 metric, 반대 목적. “Diagnostic vs. interventional” 구분의 핵심 사례.

Jailbroken: How Does LLM Safety Training Fail? — Wei et al. (2024), NeurIPS 2023(Oral)

4 minute read

Reviewed: February 26, 2026

importance-high llm-safety paper-review status-in-progress

📎 NeurIPS 2023 · arXiv:2307.02483 저자: Alexander Wei, Nika Haghtalab, Jacob Steinhardt (UC Berkeley) 우리 논문과의 관계: Type A/B 분류의 이론적 토대. Competing objectives ↔ Type B, mismatched generalization ↔ Type A로 대응시킬 수 있음.