Safer Policy Compliance with Dynamic Epistemic Fallback
This addresses safety for LLMs in legal compliance applications, but is incremental as it builds on existing cognitive-inspired defenses.
The paper tackled the problem of LLMs being deceived by maliciously perturbed policy texts in high-stakes compliance tasks, and introduced Dynamic Epistemic Fallback (DEF) to improve detection and refusal, achieving a 100% detection rate with DeepSeek-R1 in one setting.
Humans develop a series of cognitive defenses, known as epistemic vigilance, to combat risks of deception and misinformation from everyday interactions. Developing safeguards for LLMs inspired by this mechanism might be particularly helpful for their application in high-stakes tasks such as automating compliance with data privacy laws. In this paper, we introduce Dynamic Epistemic Fallback (DEF), a dynamic safety protocol for improving an LLM's inference-time defenses against deceptive attacks that make use of maliciously perturbed policy texts. Through various levels of one-sentence textual cues, DEF nudges LLMs to flag inconsistencies, refuse compliance, and fallback to their parametric knowledge upon encountering perturbed policy texts. Using globally recognized legal policies such as HIPAA and GDPR, our empirical evaluations report that DEF effectively improves the capability of frontier LLMs to detect and refuse perturbed versions of policies, with DeepSeek-R1 achieving a 100% detection rate in one setting. This work encourages further efforts to develop cognitively inspired defenses to improve LLM robustness against forms of harm and deception that exploit legal artifacts.