Risk-adaptive Activation Steering for Safe Multimodal Large Language Models
This addresses safety alignment for multimodal AI models, reducing vulnerabilities to malicious queries while maintaining utility, though it is an incremental improvement over existing inference-time defenses.
The paper tackled the problem of multimodal large language models being vulnerable to harmful queries embedded in images, proposing Risk-adaptive Activation Steering (RAS) to reformulate queries for better safety assessment, which significantly reduced attack success rates and improved inference speed over prior methods.
One of the key challenges of modern AI models is ensuring that they provide helpful responses to benign queries while refusing malicious ones. But often, the models are vulnerable to multimodal queries with harmful intent embedded in images. One approach for safety alignment is training with extensive safety datasets at the significant costs in both dataset curation and training. Inference-time alignment mitigates these costs, but introduces two drawbacks: excessive refusals from misclassified benign queries and slower inference speed due to iterative output adjustments. To overcome these limitations, we propose to reformulate queries to strengthen cross-modal attention to safety-critical image regions, enabling accurate risk assessment at the query level. Using the assessed risk, it adaptively steers activations to generate responses that are safe and helpful without overhead from iterative output adjustments. We call this Risk-adaptive Activation Steering (RAS). Extensive experiments across multiple benchmarks on multimodal safety and utility demonstrate that the RAS significantly reduces attack success rates, preserves general task performance, and improves inference speed over prior inference-time defenses.