Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Zhang, Xiaozhe, Li, Chaozhuo, Liu, Hui, Yan, Shaocheng, Yan, Bingyu, Ye, Qiwei, Li, Haoliang
Format: Preprint
Veröffentlicht: 2026
Schlagworte:
Online-Zugang:https://arxiv.org/abs/2605.13411
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
_version_ 1866917491115032576
author Zhang, Xiaozhe
Li, Chaozhuo
Liu, Hui
Yan, Shaocheng
Yan, Bingyu
Ye, Qiwei
Li, Haoliang
author_facet Zhang, Xiaozhe
Li, Chaozhuo
Liu, Hui
Yan, Shaocheng
Yan, Bingyu
Ye, Qiwei
Li, Haoliang
contents Large language models remain vulnerable to adversarial prompts that elicit harmful outputs. Existing safety paradigms typically couple red-teaming and post-training in a closed, policy-centric loop, causing attack discovery to suffer from rapid saturation and limiting the exposure of novel failure modes, while leaving defenses inefficient, rigid, and difficult to transfer across victim models. To this end, we propose EvoSafety, an LLM safety framework built around persistent, inspectable, and reusable external structures. For red teaming, EvoSafety equips the attack policy with an adversarial skill library, enabling continued vulnerability probing through simple library expansion after saturation, while supporting the evolution of adversarial vectors. For defense learning, EvoSafety replaces model-specific safety fine-tuning with a lightweight auxiliary defense model augmented with memory retrieval. This enables efficient, transferable, and model-agnostic safety improvements, while allowing robustness to be enhanced solely through memory updates. With a single training procedure, the defense policy can operate in both Steer and Guard modes: the former activates the victim model's intrinsic defense mechanisms, while the latter directly filters harmful inputs. Extensive experiments demonstrate the superiority of EvoSafety: in Guard mode, it achieves a 99.61% defense success rate, outperforming Qwen3Guard-8B by 14.13% with only 37.5% of its parameters, while preserving reasoning performance on benign queries. Warning: This paper contains potentially harmful text.
format Preprint
id arxiv_https___arxiv_org_abs_2605_13411
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle Model-Agnostic Lifelong LLM Safety via Externalized Attack-Defense Co-Evolution
Zhang, Xiaozhe
Li, Chaozhuo
Liu, Hui
Yan, Shaocheng
Yan, Bingyu
Ye, Qiwei
Li, Haoliang
Cryptography and Security
Computation and Language
Large language models remain vulnerable to adversarial prompts that elicit harmful outputs. Existing safety paradigms typically couple red-teaming and post-training in a closed, policy-centric loop, causing attack discovery to suffer from rapid saturation and limiting the exposure of novel failure modes, while leaving defenses inefficient, rigid, and difficult to transfer across victim models. To this end, we propose EvoSafety, an LLM safety framework built around persistent, inspectable, and reusable external structures. For red teaming, EvoSafety equips the attack policy with an adversarial skill library, enabling continued vulnerability probing through simple library expansion after saturation, while supporting the evolution of adversarial vectors. For defense learning, EvoSafety replaces model-specific safety fine-tuning with a lightweight auxiliary defense model augmented with memory retrieval. This enables efficient, transferable, and model-agnostic safety improvements, while allowing robustness to be enhanced solely through memory updates. With a single training procedure, the defense policy can operate in both Steer and Guard modes: the former activates the victim model's intrinsic defense mechanisms, while the latter directly filters harmful inputs. Extensive experiments demonstrate the superiority of EvoSafety: in Guard mode, it achieves a 99.61% defense success rate, outperforming Qwen3Guard-8B by 14.13% with only 37.5% of its parameters, while preserving reasoning performance on benign queries. Warning: This paper contains potentially harmful text.
title Model-Agnostic Lifelong LLM Safety via Externalized Attack-Defense Co-Evolution
topic Cryptography and Security
Computation and Language
url https://arxiv.org/abs/2605.13411