LLM-VA: Resolving the Jailbreak-Overrefusal Trade-off via Vector Alignment
This addresses a critical safety issue for LLM users by improving model reliability without fine-tuning, though it is an incremental advancement over existing vector steering methods.
The paper tackles the trade-off between jailbreak and over-refusal in safety-aligned LLMs by proposing LLM-VA, a method that aligns answer and safety vectors via closed-form weight updates, achieving 11.45% higher F1 than the best baseline while preserving 95.92% utility.
Safety-aligned LLMs suffer from two failure modes: jailbreak (answering harmful inputs) and over-refusal (declining benign queries). Existing vector steering methods adjust the magnitude of answer vectors, but this creates a fundamental trade-off -- reducing jailbreak increases over-refusal and vice versa. We identify the root cause: LLMs encode the decision to answer (answer vector $v_a$) and the judgment of input safety (benign vector $v_b$) as nearly orthogonal directions, treating them as independent processes. We propose LLM-VA, which aligns $v_a$ with $v_b$ through closed-form weight updates, making the model's willingness to answer causally dependent on its safety assessment -- without fine-tuning or architectural changes. Our method identifies vectors at each layer using SVMs, selects safety-relevant layers, and iteratively aligns vectors via minimum-norm weight modifications. Experiments on 12 LLMs demonstrate that LLM-VA achieves 11.45% higher F1 than the best baseline while preserving 95.92% utility, and automatically adapts to each model's safety bias without manual tuning. Code and models are available at https://hotbento.github.io/LLM-VA-Web/.