{"id":"https://openalex.org/W4414693707","doi":"https://doi.org/10.48550/arxiv.2507.09406","title":"Adversarial Activation Patching: A Framework for Detecting and Mitigating Emergent Deception in Safety-Aligned Transformers","display_name":"Adversarial Activation Patching: A Framework for Detecting and Mitigating Emergent Deception in Safety-Aligned Transformers","publication_year":2025,"publication_date":"2025-07-12","ids":{"openalex":"https://openalex.org/W4414693707","doi":"https://doi.org/10.48550/arxiv.2507.09406"},"language":"en","primary_location":{"id":"pmh:oai:arXiv.org:2507.09406","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2507.09406","pdf_url":"https://arxiv.org/pdf/2507.09406","source":{"id":"https://openalex.org/S4393918464","display_name":"ArXiv.org","issn_l":"2331-8422","issn":["2331-8422"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"type":"preprint","indexed_in":["arxiv","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2507.09406","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5046466481","display_name":"Santhosh Kumar Ravindran","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Ravindran, Santhosh Kumar","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":1,"corresponding_author_ids":["https://openalex.org/A5046466481"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9958999752998352,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9958999752998352,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12268","display_name":"Deception detection and forensic psychology","score":0.9926999807357788,"subfield":{"id":"https://openalex.org/subfields/3207","display_name":"Social Psychology"},"field":{"id":"https://openalex.org/fields/32","display_name":"Psychology"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9909999966621399,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.9047999978065491},{"id":"https://openalex.org/keywords/interpretability","display_name":"Interpretability","score":0.8216999769210815},{"id":"https://openalex.org/keywords/deception","display_name":"Deception","score":0.7968999743461609},{"id":"https://openalex.org/keywords/transferability","display_name":"Transferability","score":0.5327000021934509},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.4350000023841858},{"id":"https://openalex.org/keywords/reinforcement-learning","display_name":"Reinforcement learning","score":0.3752000033855438},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.3675000071525574},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.36559998989105225}],"concepts":[{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.9047999978065491},{"id":"https://openalex.org/C2781067378","wikidata":"https://www.wikidata.org/wiki/Q17027399","display_name":"Interpretability","level":2,"score":0.8216999769210815},{"id":"https://openalex.org/C2779267917","wikidata":"https://www.wikidata.org/wiki/Q170028","display_name":"Deception","level":2,"score":0.7968999743461609},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6965000033378601},{"id":"https://openalex.org/C61272859","wikidata":"https://www.wikidata.org/wiki/Q7834031","display_name":"Transferability","level":3,"score":0.5327000021934509},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4489000141620636},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.4350000023841858},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.40700000524520874},{"id":"https://openalex.org/C97541855","wikidata":"https://www.wikidata.org/wiki/Q830687","display_name":"Reinforcement learning","level":2,"score":0.3752000033855438},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.3675000071525574},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.36559998989105225},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.3361000120639801},{"id":"https://openalex.org/C2781045450","wikidata":"https://www.wikidata.org/wiki/Q254569","display_name":"Backdoor","level":2,"score":0.33570000529289246},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.3206000030040741},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.3190999925136566},{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.2948000133037567},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.2930999994277954},{"id":"https://openalex.org/C2984842247","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep neural networks","level":3,"score":0.2549999952316284},{"id":"https://openalex.org/C66322947","wikidata":"https://www.wikidata.org/wiki/Q11658","display_name":"Transformer","level":3,"score":0.2531999945640564},{"id":"https://openalex.org/C86251818","wikidata":"https://www.wikidata.org/wiki/Q816754","display_name":"Benchmarking","level":2,"score":0.2531999945640564},{"id":"https://openalex.org/C107457646","wikidata":"https://www.wikidata.org/wiki/Q207434","display_name":"Human\u2013computer interaction","level":1,"score":0.25290000438690186},{"id":"https://openalex.org/C2778403875","wikidata":"https://www.wikidata.org/wiki/Q20312394","display_name":"Adversarial machine learning","level":3,"score":0.25270000100135803},{"id":"https://openalex.org/C120936955","wikidata":"https://www.wikidata.org/wiki/Q2155640","display_name":"Empirical research","level":2,"score":0.25220000743865967}],"mesh":[],"locations_count":2,"locations":[{"id":"pmh:oai:arXiv.org:2507.09406","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2507.09406","pdf_url":"https://arxiv.org/pdf/2507.09406","source":{"id":"https://openalex.org/S4393918464","display_name":"ArXiv.org","issn_l":"2331-8422","issn":["2331-8422"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},{"id":"doi:10.48550/arxiv.2507.09406","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2507.09406","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2507.09406","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2507.09406","pdf_url":"https://arxiv.org/pdf/2507.09406","source":{"id":"https://openalex.org/S4393918464","display_name":"ArXiv.org","issn_l":"2331-8422","issn":["2331-8422"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Large":[0],"language":[1],"models":[2],"(LLMs)":[3],"aligned":[4],"for":[5,180],"safety":[6,170],"through":[7],"techniques":[8],"like":[9],"reinforcement":[10],"learning":[11],"from":[12,64,107],"human":[13],"feedback":[14],"(RLHF)":[15],"often":[16],"exhibit":[17],"emergent":[18],"deceptive":[19,103],"behaviors,":[20],"where":[21],"outputs":[22,104],"appear":[23],"compliant":[24],"but":[25],"subtly":[26],"mislead":[27],"or":[28],"omit":[29],"critical":[30],"information.":[31],"This":[32,166],"paper":[33],"introduces":[34],"adversarial":[35,49,100,145],"activation":[36,45,151],"patching,":[37],"a":[38,108,178],"novel":[39],"mechanistic":[40],"interpretability":[41],"framework":[42],"that":[43,99],"leverages":[44],"patching":[46,68,101],"as":[47,150],"an":[48],"tool":[50],"to":[51,105],"induce,":[52],"detect,":[53],"and":[54,67,80,129,144,154,162,176],"mitigate":[55],"such":[56,149],"deception":[57,82],"in":[58,126,141],"transformer-based":[59],"models.":[60,185],"By":[61],"sourcing":[62],"activations":[63],"\"deceptive\"":[65],"prompts":[66],"them":[69],"into":[70],"safe":[71],"forward":[72],"passes":[73],"at":[74],"specific":[75],"layers,":[76],"we":[77,97],"simulate":[78],"vulnerabilities":[79],"quantify":[81],"rates.":[83],"Through":[84],"toy":[85],"neural":[86],"network":[87],"simulations":[88],"across":[89,123],"multiple":[90],"scenarios":[91],"(e.g.,":[92],"1000":[93],"trials":[94],"per":[95],"setup),":[96],"demonstrate":[98],"increases":[102],"23.9%":[106],"0%":[109],"baseline,":[110],"with":[111],"layer-specific":[112],"variations":[113],"supporting":[114],"our":[115],"hypotheses.":[116],"We":[117],"propose":[118],"six":[119],"hypotheses,":[120],"including":[121],"transferability":[122],"models,":[124],"exacerbation":[125],"multimodal":[127],"settings,":[128],"scaling":[130],"effects.":[131],"An":[132],"expanded":[133],"literature":[134],"review":[135],"synthesizes":[136],"over":[137],"20":[138],"key":[139],"works":[140],"interpretability,":[142],"deception,":[143],"attacks.":[146],"Mitigation":[147],"strategies,":[148],"anomaly":[152],"detection":[153],"robust":[155],"fine-tuning,":[156],"are":[157],"detailed,":[158],"alongside":[159],"ethical":[160],"considerations":[161],"future":[163],"research":[164],"directions.":[165],"work":[167],"advances":[168],"AI":[169],"by":[171],"highlighting":[172],"patching's":[173],"dual-use":[174],"potential":[175],"provides":[177],"roadmap":[179],"empirical":[181],"studies":[182],"on":[183],"large-scale":[184]},"counts_by_year":[],"updated_date":"2026-03-07T16:01:11.037858","created_date":"2025-10-10T00:00:00"}