Auto-Tuning Safety Guardrails for Black-Box Large Language Models
This addresses the challenge of hardening safety guardrails for product teams deploying black-box LLMs, though it is incremental as it applies existing optimization methods to a new context.
The paper tackles the problem of brittle, hand-tuned safety guardrails for black-box large language models by treating guardrail design as a hyperparameter optimization problem, achieving results that rediscover optimal configurations with an order of magnitude fewer evaluations and roughly 8x less wall-clock time compared to grid search.
Large language models (LLMs) are increasingly deployed behind safety guardrails such as system prompts and content filters, especially in settings where product teams cannot modify model weights. In practice these guardrails are typically hand-tuned, brittle, and difficult to reproduce. This paper studies a simple but practical alternative: treat safety guardrail design itself as a hyperparameter optimization problem over a frozen base model. Concretely, I wrap Mistral-7B-Instruct with modular jailbreak and malware system prompts plus a ModernBERT-based harmfulness classifier, then evaluate candidate configurations on three public benchmarks covering malware generation, classic jailbreak prompts, and benign user queries. Each configuration is scored using malware and jailbreak attack success rate, benign harmful-response rate, and end-to-end latency. A 48-point grid search over prompt combinations and filter modes establishes a baseline. I then run a black-box Optuna study over the same space and show that it reliably rediscovers the best grid configurations while requiring an order of magnitude fewer evaluations and roughly 8x less wall-clock time. The results suggest that viewing safety guardrails as tunable hyperparameters is a feasible way to harden black-box LLM deployments under compute and time constraints.