Bibliographic Details
Main Authors: Fandina, Ora Nova, Choshen, Leshem, Farchi, Eitan, Kour, George, Perlitz, Yotam, Raz, Orna
Format: Preprint
Published: 2024
Online Access: https://arxiv.org/abs/2408.12259
_version_ 1866917920630636544
author Fandina, Ora Nova
Choshen, Leshem
Farchi, Eitan
Kour, George
Perlitz, Yotam
Raz, Orna
contents Consider a scenario where a harmfulness evaluation metric is intended to filter unsafe responses from a Large Language Model. When applied to individual harmful prompt-response pairs, it correctly flags them as unsafe by assigning a high-risk score. Yet, if those same pairs are concatenated, the metric's decision unexpectedly reverses - labelling the combined content as safe with a low score, allowing the harmful text to bypass the filter. We found that multiple safety metrics, including advanced metrics such as GPT-based judges, exhibit this non-safe behaviour. Moreover, they show a strong sensitivity to input order: responses are often classified as safe if safe content appears first, regardless of any harmful content that follows, and vice versa. These findings underscore the importance of evaluating the safety of safety metrics, that is, the reliability of their output scores. To address this, we developed general, automatic, concatenation-based tests to assess key properties of these metrics. When applied in a model safety scenario, the tests revealed significant inconsistencies in harmfulness evaluations.
format Preprint
id arxiv_https___arxiv_org_abs_2408_12259
institution arXiv
publishDate 2024
record_format arxiv
title How Safe is Your Safety Metric? Automatic Concatenation Tests for Metric Reliability
topic Artificial Intelligence
68T50
url https://arxiv.org/abs/2408.12259