GAVEL: Towards rule-based safety through activation monitoring
This work addresses the need for scalable, interpretable, and auditable AI governance, offering a practical framework for practitioners to configure safety rules without retraining, though it is incremental in building on existing activation monitoring approaches.
The paper tackles the problem of poor precision and limited flexibility in activation-based safety monitoring for large language models by introducing a rule-based paradigm that models activations as interpretable cognitive elements, achieving improved precision and domain customization.
Large language models (LLMs) are increasingly paired with activation-based monitoring to detect and prevent harmful behaviors that may not be apparent at the surface-text level. However, existing activation safety approaches, trained on broad misuse datasets, struggle with poor precision, limited flexibility, and lack of interpretability. This paper introduces a new paradigm: rule-based activation safety, inspired by rule-sharing practices in cybersecurity. We propose modeling activations as cognitive elements (CEs), fine-grained, interpretable factors such as ''making a threat'' and ''payment processing'', that can be composed to capture nuanced, domain-specific behaviors with higher precision. Building on this representation, we present a practical framework that defines predicate rules over CEs and detects violations in real time. This enables practitioners to configure and update safeguards without retraining models or detectors, while supporting transparency and auditability. Our results show that compositional rule-based activation safety improves precision, supports domain customization, and lays the groundwork for scalable, interpretable, and auditable AI governance. We will release GAVEL as an open-source framework and provide an accompanying automated rule creation tool.