{"id":"https://openalex.org/W7161761904","doi":"https://doi.org/10.1007/s10994-026-07060-8","title":"Survey on LLM Safety: Attacks, Defenses, Alignment, Metrics, and Guardrails","display_name":"Survey on LLM Safety: Attacks, Defenses, Alignment, Metrics, and Guardrails","publication_year":2026,"publication_date":"2026-05-20","ids":{"openalex":"https://openalex.org/W7161761904","doi":"https://doi.org/10.1007/s10994-026-07060-8"},"language":"en","primary_location":{"id":"doi:10.1007/s10994-026-07060-8","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10994-026-07060-8","pdf_url":"https://link.springer.com/content/pdf/10.1007/s10994-026-07060-8.pdf","source":{"id":"https://openalex.org/S62148650","display_name":"Machine Learning","issn_l":"0885-6125","issn":["0885-6125","1573-0565"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Machine Learning","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://link.springer.com/content/pdf/10.1007/s10994-026-07060-8.pdf","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5119877698","display_name":"Pratik Jalan","orcid":null},"institutions":[{"id":"https://openalex.org/I99043593","display_name":"Macquarie University","ror":"https://ror.org/01sf06y89","country_code":"AU","type":"education","lineage":["https://openalex.org/I99043593"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Pratik Jalan","raw_affiliation_strings":["Macquarie University, Sydney, NSW, 2109, Australia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Macquarie University, Sydney, NSW, 2109, Australia","institution_ids":["https://openalex.org/I99043593"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5095837609","display_name":"Vadivel Abishethvarman","orcid":null},"institutions":[{"id":"https://openalex.org/I908128300","display_name":"Sabaragamuwa University of Sri Lanka","ror":"https://ror.org/045vwzt11","country_code":"LK","type":"education","lineage":["https://openalex.org/I908128300"]}],"countries":["LK"],"is_corresponding":false,"raw_author_name":"Vadivel Abishethvarman","raw_affiliation_strings":["Sabaragamuwa University of Sri Lanka, Belihuloya, 70140, Sri Lanka"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Sabaragamuwa University of Sri Lanka, Belihuloya, 70140, Sri Lanka","institution_ids":["https://openalex.org/I908128300"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5136570079","display_name":"Bhavik Chandna","orcid":null},"institutions":[{"id":"https://openalex.org/I36258959","display_name":"University of California San Diego","ror":"https://ror.org/0168r3w48","country_code":"US","type":"education","lineage":["https://openalex.org/I36258959"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Bhavik Chandna","raw_affiliation_strings":["University of California, San Diego, San Diego, CA, 92093, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of California, San Diego, San Diego, CA, 92093, USA","institution_ids":["https://openalex.org/I36258959"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5136585938","display_name":"Usman Naseem","orcid":null},"institutions":[{"id":"https://openalex.org/I99043593","display_name":"Macquarie University","ror":"https://ror.org/01sf06y89","country_code":"AU","type":"education","lineage":["https://openalex.org/I99043593"]}],"countries":["AU"],"is_corresponding":true,"raw_author_name":"Usman Naseem","raw_affiliation_strings":["Macquarie University, Sydney, NSW, 2109, Australia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Macquarie University, Sydney, NSW, 2109, Australia","institution_ids":["https://openalex.org/I99043593"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5136585938"],"corresponding_institution_ids":["https://openalex.org/I99043593"],"apc_list":{"value":2390,"currency":"EUR","value_usd":2990},"apc_paid":{"value":2390,"currency":"EUR","value_usd":2990},"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.936663,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":null,"biblio":{"volume":"115","issue":"6","first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9010999798774719,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9010999798774719,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10028","display_name":"Topic Modeling","score":0.016300000250339508,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10883","display_name":"Ethics and Social Impacts of AI","score":0.013299999758601189,"subfield":{"id":"https://openalex.org/subfields/3311","display_name":"Safety Research"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.7300000190734863},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.6998999714851379},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.6980000138282776},{"id":"https://openalex.org/keywords/trustworthiness","display_name":"Trustworthiness","score":0.6499999761581421},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.5205000042915344},{"id":"https://openalex.org/keywords/categorization","display_name":"Categorization","score":0.48809999227523804}],"concepts":[{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.7300000190734863},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.6998999714851379},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.6980000138282776},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6934000253677368},{"id":"https://openalex.org/C153701036","wikidata":"https://www.wikidata.org/wiki/Q659974","display_name":"Trustworthiness","level":2,"score":0.6499999761581421},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5782999992370605},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.5205000042915344},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.4999000132083893},{"id":"https://openalex.org/C94124525","wikidata":"https://www.wikidata.org/wiki/Q912550","display_name":"Categorization","level":2,"score":0.48809999227523804},{"id":"https://openalex.org/C43521106","wikidata":"https://www.wikidata.org/wiki/Q2165493","display_name":"Pipeline (software)","level":2,"score":0.4544999897480011},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.43529999256134033},{"id":"https://openalex.org/C2777210771","wikidata":"https://www.wikidata.org/wiki/Q4927124","display_name":"Block (permutation group theory)","level":2,"score":0.4050000011920929},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.30959999561309814},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.3043999969959259},{"id":"https://openalex.org/C3017944768","wikidata":"https://www.wikidata.org/wiki/Q1450463","display_name":"Poison control","level":2,"score":0.2727000117301941},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.2696000039577484},{"id":"https://openalex.org/C105002631","wikidata":"https://www.wikidata.org/wiki/Q4833645","display_name":"Subject-matter expert","level":3,"score":0.26440000534057617},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.2599000036716461},{"id":"https://openalex.org/C2778464652","wikidata":"https://www.wikidata.org/wiki/Q309849","display_name":"Open research","level":2,"score":0.259799987077713}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1007/s10994-026-07060-8","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10994-026-07060-8","pdf_url":"https://link.springer.com/content/pdf/10.1007/s10994-026-07060-8.pdf","source":{"id":"https://openalex.org/S62148650","display_name":"Machine Learning","issn_l":"0885-6125","issn":["0885-6125","1573-0565"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Machine Learning","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1007/s10994-026-07060-8","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10994-026-07060-8","pdf_url":"https://link.springer.com/content/pdf/10.1007/s10994-026-07060-8.pdf","source":{"id":"https://openalex.org/S62148650","display_name":"Machine Learning","issn_l":"0885-6125","issn":["0885-6125","1573-0565"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Machine Learning","raw_type":"journal-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.5068724751472473}],"awards":[],"funders":[{"id":"https://openalex.org/F4320320591","display_name":"Macquarie University","ror":"https://ror.org/01sf06y89"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W7161761904.pdf","grobid_xml":"https://content.openalex.org/works/W7161761904.grobid-xml"},"referenced_works_count":92,"referenced_works":["https://openalex.org/W3100355250","https://openalex.org/W3102825016","https://openalex.org/W3161633503","https://openalex.org/W3170572542","https://openalex.org/W3186814609","https://openalex.org/W3196832521","https://openalex.org/W3201174429","https://openalex.org/W4206637810","https://openalex.org/W4285210452","https://openalex.org/W4382141729","https://openalex.org/W4385894687","https://openalex.org/W4387806231","https://openalex.org/W4387839052","https://openalex.org/W4388926538","https://openalex.org/W4389364443","https://openalex.org/W4389519389","https://openalex.org/W4389520781","https://openalex.org/W4389524506","https://openalex.org/W4390602555","https://openalex.org/W4391124713","https://openalex.org/W4392353733","https://openalex.org/W4393145569","https://openalex.org/W4393284699","https://openalex.org/W4394002987","https://openalex.org/W4396827165","https://openalex.org/W4399363436","https://openalex.org/W4399531475","https://openalex.org/W4399632242","https://openalex.org/W4400002903","https://openalex.org/W4400005365","https://openalex.org/W4400529431","https://openalex.org/W4401242456","https://openalex.org/W4401768995","https://openalex.org/W4401863694","https://openalex.org/W4402263672","https://openalex.org/W4402670087","https://openalex.org/W4402670541","https://openalex.org/W4402671302","https://openalex.org/W4402683786","https://openalex.org/W4402698561","https://openalex.org/W4402703048","https://openalex.org/W4403723858","https://openalex.org/W4404341053","https://openalex.org/W4404346378","https://openalex.org/W4404652739","https://openalex.org/W4404781033","https://openalex.org/W4404781959","https://openalex.org/W4404782026","https://openalex.org/W4406205485","https://openalex.org/W4406460462","https://openalex.org/W4407386046","https://openalex.org/W4407424741","https://openalex.org/W4407764380","https://openalex.org/W4409347972","https://openalex.org/W4409348010","https://openalex.org/W4409362727","https://openalex.org/W4409460650","https://openalex.org/W4410609100","https://openalex.org/W4411001734","https://openalex.org/W4411119623","https://openalex.org/W4411120355","https://openalex.org/W4412887948","https://openalex.org/W4412888250","https://openalex.org/W4412888273","https://openalex.org/W4412888909","https://openalex.org/W4412944681","https://openalex.org/W4412944837","https://openalex.org/W4413146021","https://openalex.org/W4413967271","https://openalex.org/W4414205813","https://openalex.org/W4414243054","https://openalex.org/W4414430416","https://openalex.org/W4414581173","https://openalex.org/W4414769424","https://openalex.org/W4414835280","https://openalex.org/W4414930427","https://openalex.org/W4415230519","https://openalex.org/W4415271252","https://openalex.org/W4415795312","https://openalex.org/W4416034379","https://openalex.org/W4416034591","https://openalex.org/W4416036027","https://openalex.org/W4416036549","https://openalex.org/W4416047691","https://openalex.org/W4416435601","https://openalex.org/W4417174901","https://openalex.org/W6929451641","https://openalex.org/W6966902764","https://openalex.org/W7076717210","https://openalex.org/W7108516635","https://openalex.org/W7117301373","https://openalex.org/W7126420743"],"related_works":[],"abstract_inverted_index":{"Abstract":[0],"Large":[1],"Language":[2],"Models":[3],"(LLM)":[4],"have":[5],"demonstrated":[6],"remarkable":[7],"capabilities":[8],"across":[9],"various":[10],"applications,":[11],"but":[12],"their":[13,126],"deployment":[14],"raises":[15],"critical":[16,143],"safety":[17,33,56,139],"concerns":[18],"as":[19,73],"potential":[20],"misuse":[21],"poses":[22],"significant":[23],"societal":[24],"risks.":[25],"This":[26],"survey":[27],"reviews":[28],"the":[29,39,48,92,145,164],"end-to-end":[30],"security":[31,165],"and":[32,43,59,78,100,129,149,158,166],"pipeline":[34],"of":[35,115,147,168],"LLMs,":[36],"focusing":[37],"on":[38],"interaction":[40],"between":[41],"users":[42],"model":[44,69],"responses.":[45],"We":[46],"categorize":[47],"system":[49],"into":[50],"five":[51],"key":[52],"components:":[53],"attacks,":[54],"defenses,":[55],"alignment,":[57],"metrics":[58,123],"guarding":[60],"mechanisms.":[61],"Attacks":[62],"involve":[63],"crafting":[64],"adversarial":[65],"inputs":[66,81],"to":[67,76,107,120,124,162],"exploit":[68],"vulnerabilities.":[70],"Defenses":[71],"act":[72],"countermeasures,":[74],"aiming":[75],"detect":[77],"prevent":[79],"such":[80],"before":[82],"processing.":[83],"Safety":[84],"alignment":[85,167],"ensures":[86],"that,":[87],"even":[88],"when":[89],"attacks":[90],"reach":[91],"model,":[93],"its":[94],"responses":[95],"remain":[96],"consistent":[97],"with":[98],"ethical":[99],"policy-aligned":[101],"behavior.":[102],"Guarding":[103],"mechanisms":[104],"operate":[105],"post-response":[106],"flag,":[108],"filter,":[109],"or":[110],"block":[111],"unsafe":[112],"outputs.":[113],"Each":[114],"these":[116,138],"stages":[117],"is":[118],"subject":[119],"rigorous":[121],"evaluation":[122],"assess":[125],"effectiveness,":[127],"robustness,":[128],"limitations.":[130],"As":[131],"LLMs":[132],"evolve":[133],"toward":[134],"more":[135],"general-purpose":[136],"intelligence,":[137],"considerations":[140],"become":[141],"increasingly":[142],"for":[144],"development":[146],"robust":[148],"trustworthy":[150],"AI":[151],"systems.":[152],"Finally,":[153],"we":[154],"highlight":[155],"open":[156],"challenges":[157],"future":[159],"research":[160],"directions":[161],"advance":[163],"LLMs.":[169]},"counts_by_year":[],"updated_date":"2026-05-22T06:13:13.366637","created_date":"2026-05-21T00:00:00"}