CR | AI | CL | Jul 8, 2025

TuneShield: Mitigating Toxicity in Conversational AI while Fine-tuning on Untrusted Data

arXiv:2507.05660v1 | 1 citation | h-index: 25
Originality: Incremental advance
AI Analysis

The paper addresses a critical safety issue for developers customizing chatbots on potentially harmful datasets, though it is an incremental improvement in defense mechanisms.

The paper tackles the problem of mitigating toxicity in conversational AI when fine-tuning on untrusted data. It introduces TuneShield, a defense framework that effectively reduces toxicity injection attacks while preserving conversational quality, and it shows resilience against adaptive adversarial and jailbreak attacks.

Recent advances in foundation models, such as LLMs, have revolutionized conversational AI. Chatbots are increasingly being developed by customizing LLMs on specific conversational datasets. However, mitigating toxicity during this customization, especially when dealing with untrusted training data, remains a significant challenge. To address this, we introduce TuneShield, a defense framework designed to mitigate toxicity during chatbot fine-tuning while preserving conversational quality. TuneShield leverages LLM-based toxicity classification, utilizing the instruction-following capabilities and safety alignment of LLMs to effectively identify toxic samples, outperforming industry API services. TuneShield generates synthetic conversation samples, termed 'healing data', based on the identified toxic samples, using them to mitigate toxicity while reinforcing desirable behavior during fine-tuning. It performs an alignment process to further nudge the chatbot towards producing desired responses. Our findings show that TuneShield effectively mitigates toxicity injection attacks while preserving conversational quality, even when the toxicity classifiers are imperfect or biased. TuneShield proves to be resilient against adaptive adversarial and jailbreak attacks. Additionally, TuneShield demonstrates effectiveness in mitigating adaptive toxicity injection attacks during dialog-based learning (DBL).
