RAR: Setting Knowledge Tripwires for Retrieval Augmented Rejection
This addresses the problem of flexible and real-time content moderation for LLM users, though it appears incremental as it builds on existing RAG systems without architectural changes.
The paper tackles content moderation for large language models by proposing Retrieval Augmented Rejection (RAR), which uses a retrieval-augmented generation architecture to dynamically reject unsafe queries without retraining, achieving comparable performance to embedded moderation in models like Claude 3.5 Sonnet.
Content moderation for large language models (LLMs) remains a significant challenge, requiring flexible and adaptable solutions that can quickly respond to emerging threats. This paper introduces Retrieval Augmented Rejection (RAR), a novel approach that leverages a retrieval-augmented generation (RAG) architecture to dynamically reject unsafe user queries without model retraining. By strategically inserting and marking malicious documents into the vector database, the system can identify and reject harmful requests when these documents are retrieved. Our preliminary results show that RAR achieves comparable performance to embedded moderation in LLMs like Claude 3.5 Sonnet, while offering superior flexibility and real-time customization capabilities, a fundamental feature to timely address critical vulnerabilities. This approach introduces no architectural changes to existing RAG systems, requiring only the addition of specially crafted documents and a simple rejection mechanism based on retrieval results.