Shh, don't say that! Domain Certification in LLMs
This addresses the adversarial susceptibility of LLMs in constrained tasks, offering a practical solution for deployment in specific domains, though it is incremental as it builds on existing certification techniques.
The paper tackles the problem of LLMs generating outputs outside their intended narrow domains, such as in customer support bots, by introducing domain certification to guarantee and characterize out-of-domain behavior, and proposes VALID, a method that provides adversarial bounds as certificates, showing it yields tight probability bounds with minimal impact on refusal behavior across diverse datasets.
Large language models (LLMs) are often deployed to perform constrained tasks, with narrow domains. For example, customer support bots can be built on top of LLMs, relying on their broad language understanding and capabilities to enhance performance. However, these LLMs are adversarially susceptible, potentially generating outputs outside the intended domain. To formalize, assess, and mitigate this risk, we introduce domain certification; a guarantee that accurately characterizes the out-of-domain behavior of language models. We then propose a simple yet effective approach, which we call VALID that provides adversarial bounds as a certificate. Finally, we evaluate our method across a diverse set of datasets, demonstrating that it yields meaningful certificates, which bound the probability of out-of-domain samples tightly with minimum penalty to refusal behavior.