llm-kb
← Back to research
Paper

Activation-Guided GCG attacks target refusal direction in LLMs

A new arxiv paper introduces Activation-Guided GCG, an adversarial attack that optimizes suffixes by directly targeting a model's internal refusal direction in activation space, rather than output-based objectives. The work probes the geometry of safety representations, showing that refusal behavior is mediated by low-dimensional directions that can be suppressed via optimization.

0 engagement·1 source·Thu, Jul 9, 2026, 07:21 PM
The paper 'Optimizing Against Safety Representations: Activation-Guided Adversarial Suffixes and the Geometry of Refusal' (arXiv, 2026-07-09) studies adversarial suffix attacks as a probe of representational alignment in LLMs. The authors introduce Activation-Guided GCG, which replaces output-based objectives with losses that directly target a model's internal refusal direction. Across several objective variants, they find that suppressing the refusal direction in activation space enables successful attacks, revealing that behavioral alignment often masks fragile internal safety representations. The work highlights how refusal behavior is mediated by low-dimensional directions in activation space, raising questions about the robustness of safety mechanisms.

Entities

arXiv(company)Activation-Guided GCG(tool)

Related

Paper

Penn State researchers introduce FARMA attack that poisons LLM agents' reasoning logs

Researchers at Penn State proposed FARMA, a two-phase attack that poisons an LLM agent's own decision logs and rationales rather than external knowledge sources. The attack first injects seed entries that mimic normal reasoning logs, then amplifies them to manipulate future agent behavior. This shifts the threat model for agent security beyond retrieval poisoning.

2 engagement·1 source·reddit
Sat, Jul 11, 2026, 07:18 PM
Paper

Robustifying Vision-Language Models via Test-Time Prompt Adaptation

A new arxiv paper proposes a test-time prompt adaptation method to improve robustness of Vision-Language Models like CLIP against adversarial perturbations. The approach leverages distributional structure rather than sample-level heuristics to distinguish adversarial mispredictions from true semantic consistency.

0 engagement·1 source·arxiv
Fri, Jul 10, 2026, 02:19 PM
arXiv
Incident

Security researcher manually tests 10 AI attacks, reveals defenses

A security researcher published a detailed account of manually testing 10 adversarial attacks against AI systems in May 2026, including leaking a chatbot's hidden instructions and making a browsing agent perform unintended actions. The post outlines which defenses actually stopped each attack, providing practical insights for AI practitioners.

0 engagement·1 source·rss
Sun, Jul 12, 2026, 08:24 AM
RSS
Paper

Mechanistic interpretability researchers apply causality theory to LLMs

Researchers are applying causality theory from the paper 'Causal Abstraction for Interpretability' (arXiv:2301.04709) to understand LLM internals. This approach aims to identify causal mechanisms within models, moving beyond correlation-based analysis.

128 engagement·1 source·hackernews
Sun, Jul 12, 2026, 06:04 PM
Paper

SATS: Sensitivity-Aware Thresholding for MLP Activation Sparsification in LLMs

A new arxiv paper proposes Sensitivity-Aware Thresholding for Sparsity (SATS), a method to calibrate layerwise gate thresholds for MLP activation sparsification using a local sensitivity proxy instead of activation percentiles. The approach aims to reduce computation during LLM inference while preserving model quality.

0 engagement·1 source·arxiv
Thu, Jul 9, 2026, 11:40 PM
arXiv