The Rogue Scalpel: Activation Steering Compromises LLM Safety
Alexey Dontsov
Abstract
Activation steering, intended to control LLM behavior, can instead increase harmful compliance and undermine model alignment safeguards.
Activation steering is a promising technique for controlling LLM behavior by adding semantically meaningful vectors directly into a model's hidden states during inference. It is often framed as a precise, interpretable, and potentially safer alternative to fine-tuning. We demonstrate the opposite: steering systematically breaks model alignment safeguards, making it comply with harmful requests. Through extensive experiments on different model families, we show that even steering in a random direction can increase the probability of harmful compliance from 0% to 2-27%. Alarmingly, steering benign features from a sparse autoencoder (SAE), a common source of interpretable directions, increases these rates by a further 2-4%. Finally, we show that combining 20 randomly sampled vectors that jailbreak a single prompt creates a universal attack, significantly increasing harmful compliance on unseen requests. These results challenge the paradigm of safety through interpretability, showing that precise control over model internals does not guarantee precise control over model behavior.
Community
Activation steering - a technique that controls AI models by adding vectors to their internal representations - actually makes models less safe, not more. Even random steering directions can increase harmful compliance from 0% to 27%, and using "interpretable" directions from sparse autoencoders makes it worse. We show that having precise control over a model's internals doesn't guarantee safe behavior, challenging the idea that interpretability equals safety.
This is an automated message from the Librarian Bot. I found the following papers similar to this paper.
The following papers were recommended by the Semantic Scholar API
- Turning the Spell Around: Lightweight Alignment Amplification via Rank-One Safety Injection (2025)
- LatentGuard: Controllable Latent Steering for Robust Refusal of Attacks and Reliable Response Generation (2025)
- CorrSteer: Steering Improves Task Performance and Safety in LLMs through Correlation-based Sparse Autoencoder Feature Selection (2025)
- Steering MoE LLMs via Expert (De)Activation (2025)
- Mitigating Jailbreaks with Intent-Aware LLMs (2025)
- Safety Alignment Should Be Made More Than Just A Few Attention Heads (2025)
- ASGuard: Activation-Scaling Guard to Mitigate Targeted Jailbreaking Attack (2025)
Please give a thumbs up to this comment if you found it helpful!
If you want recommendations for any Paper on Hugging Face checkout this Space
You can directly ask Librarian Bot for paper recommendations by tagging it in a comment:
@librarian-bot
recommend
Models citing this paper 0
No model linking this paper
Datasets citing this paper 0
No dataset linking this paper
Spaces citing this paper 0
No Space linking this paper