Precise Shield: Explaining and Aligning VLLM Safety via Neuron-Level Guidance
This addresses critical safety vulnerabilities in VLLMs for real-world deployments, offering a novel neuron-level approach to enhance cross-lingual and cross-modal defense.
The paper tackles the problem of multilingual and multimodal composite attacks on Vision-Language Large Models (VLLMs) by proposing Precise Shield, a framework that identifies safety neurons and constrains updates to fewer than 0.03% of parameters, improving safety while preserving generalization.
In real-world deployments, Vision-Language Large Models (VLLMs) face critical challenges from multilingual and multimodal composite attacks: harmful images paired with low-resource language texts can easily bypass defenses designed for high-resource language scenarios, exposing structural blind spots in current cross-lingual and cross-modal safety methods. This raises a mechanistic question: where is safety capability instantiated within the model, and how is it distributed across languages and modalities? Prior studies on pure-text LLMs have identified cross-lingual shared safety neurons, suggesting that safety may be governed by a small subset of critical neurons. Leveraging this insight, we propose Precise Shield, a two-stage framework that first identifies safety neurons by contrasting activation patterns between harmful and benign inputs, and then constrains parameter updates strictly within this subspace via gradient masking with affecting fewer than 0.03% of parameters. This strategy substantially improves safety while preserving multilingual and multimodal generalization. Further analysis reveals a moderate overlap of safety neurons across languages and modalities, enabling zero-shot cross-lingual and cross-modal transfer of safety capabilities, and offering a new direction for neuron-level, transfer-based safety enhancement.