Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Buonocore, Tommaso Mario, Parimbelli, Enea
Format: Preprint
Veröffentlicht: 2025
Schlagworte:
Online-Zugang:https://arxiv.org/abs/2505.13581
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
_version_ 1866918025579462656
author Buonocore, Tommaso Mario
Parimbelli, Enea
author_facet Buonocore, Tommaso Mario
Parimbelli, Enea
contents Content moderation for large language models (LLMs) remains a significant challenge, requiring flexible and adaptable solutions that can quickly respond to emerging threats. This paper introduces Retrieval Augmented Rejection (RAR), a novel approach that leverages a retrieval-augmented generation (RAG) architecture to dynamically reject unsafe user queries without model retraining. By strategically inserting and marking malicious documents into the vector database, the system can identify and reject harmful requests when these documents are retrieved. Our preliminary results show that RAR achieves comparable performance to embedded moderation in LLMs like Claude 3.5 Sonnet, while offering superior flexibility and real-time customization capabilities, a fundamental feature to timely address critical vulnerabilities. This approach introduces no architectural changes to existing RAG systems, requiring only the addition of specially crafted documents and a simple rejection mechanism based on retrieval results.
format Preprint
id arxiv_https___arxiv_org_abs_2505_13581
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle RAR: Setting Knowledge Tripwires for Retrieval Augmented Rejection
Buonocore, Tommaso Mario
Parimbelli, Enea
Information Retrieval
Computation and Language
Cryptography and Security
68M25, 68T07
I.2.7; K.6.5
Content moderation for large language models (LLMs) remains a significant challenge, requiring flexible and adaptable solutions that can quickly respond to emerging threats. This paper introduces Retrieval Augmented Rejection (RAR), a novel approach that leverages a retrieval-augmented generation (RAG) architecture to dynamically reject unsafe user queries without model retraining. By strategically inserting and marking malicious documents into the vector database, the system can identify and reject harmful requests when these documents are retrieved. Our preliminary results show that RAR achieves comparable performance to embedded moderation in LLMs like Claude 3.5 Sonnet, while offering superior flexibility and real-time customization capabilities, a fundamental feature to timely address critical vulnerabilities. This approach introduces no architectural changes to existing RAG systems, requiring only the addition of specially crafted documents and a simple rejection mechanism based on retrieval results.
title RAR: Setting Knowledge Tripwires for Retrieval Augmented Rejection
topic Information Retrieval
Computation and Language
Cryptography and Security
68M25, 68T07
I.2.7; K.6.5
url https://arxiv.org/abs/2505.13581