Fail-Closed Alignment for Large Language Models
This addresses a critical safety issue for large language models by providing a robust alignment method, though it is incremental as it builds on existing alignment approaches.
The paper tackles the problem of structural weakness in large language model alignment, where current refusal mechanisms are fail-open and vulnerable to jailbreak attacks, by proposing a fail-closed alignment principle that achieves the strongest overall robustness across four jailbreak attacks while mitigating over-refusal and preserving generation quality with small computational overhead.
We identify a structural weakness in current large language model (LLM) alignment: modern refusal mechanisms are fail-open. While existing approaches encode refusal behaviors across multiple latent features, suppressing a single dominant feature$-$via prompt-based jailbreaks$-$can cause alignment to collapse, leading to unsafe generation. Motivated by this, we propose fail-closed alignment as a design principle for robust LLM safety: refusal mechanisms should remain effective even under partial failures via redundant, independent causal pathways. We present a concrete instantiation of this principle: a progressive alignment framework that iteratively identifies and ablates previously learned refusal directions, forcing the model to reconstruct safety along new, independent subspaces. Across four jailbreak attacks, we achieve the strongest overall robustness while mitigating over-refusal and preserving generation quality, with small computational overhead. Our mechanistic analyses confirm that models trained with our method encode multiple, causally independent refusal directions that prompt-based jailbreaks cannot suppress simultaneously, providing empirical support for fail-closed alignment as a principled foundation for robust LLM safety.