Adaptive Detoxification: Safeguarding General Capabilities of LLMs through Toxicity-Aware Knowledge Editing
This work addresses the challenge of safeguarding LLMs from toxicity and jailbreaking attacks while minimizing over-editing, which is crucial for deploying safe and reliable AI systems in real-world applications.
The paper tackles the problem of LLM detoxification by proposing ToxEdit, a toxicity-aware knowledge editing method that dynamically detects toxic activation patterns and routes computations through adaptive inter-layer pathways, resulting in improved detoxification performance and better preservation of general capabilities compared to previous state-of-the-art methods.
Large language models (LLMs) exhibit impressive language capabilities but remain vulnerable to malicious prompts and jailbreaking attacks. Existing knowledge editing methods for LLM detoxification face two major challenges. First, they often rely on entity-specific localization, making them ineffective against adversarial inputs without explicit entities. Second, these methods suffer from over-editing, where detoxified models reject legitimate queries, compromising overall performance. In this paper, we propose ToxEdit, a toxicity-aware knowledge editing approach that dynamically detects toxic activation patterns during forward propagation. It then routes computations through adaptive inter-layer pathways to mitigate toxicity effectively. This design ensures precise toxicity mitigation while preserving LLMs' general capabilities. To more accurately assess over-editing, we also enhance the SafeEdit benchmark by incorporating instruction-following evaluation tasks. Experimental results on multiple LLMs demonstrate that our ToxEdit outperforms previous state-of-the-art methods in both detoxification performance and safeguarding general capabilities of LLMs.