{"data":{"slug":"poloclub-llm-self-defense","name":"llm-self-defense","tagline":"LLM Self Defense: By Self Examination, LLMs know they are being tricked","github_url":"https://github.com/poloclub/llm-self-defense","owner":"poloclub","repo":"llm-self-defense","owner_avatar_url":"https://avatars.githubusercontent.com/u/19315506?v=4","primary_language":"Python","stars":52,"forks":7,"topics":[],"archived":false,"github_pushed_at":"2024-05-21T07:51:46+00:00","maintenance_label":"Dormant","url":"https://www.graphcanon.com/tools/poloclub-llm-self-defense","markdown_url":"https://www.graphcanon.com/tools/poloclub-llm-self-defense.md","api_url":"https://www.graphcanon.com/api/graphcanon/tools/poloclub-llm-self-defense","graph_url":"https://www.graphcanon.com/api/graphcanon/graph?tool=poloclub-llm-self-defense","description":"LLM Self Defense: By Self Examination, LLMs know they are being tricked","homepage_url":null,"license":"BSD-3-Clause","open_issues":7,"watchers":5,"ai_summary":null,"readme_excerpt":"# LLM Self Defense\n\n\n\n\n[LLM Self Defense: By Self Examination, LLMs know they are being tricked](https://arxiv.org/abs/2308.07308). Mansi Phute, Alec Heibling, Matthew Hull, ShengYun Peng, Sebastian Szyller, Cory Cornelius, Duen Horng Chau. In *ICLR 2024 TinyPaper*, 2024.\n\n📄  <a href=\"https://arxiv.org/abs/2308.07308\"> Research Paper</a> &nbsp;&nbsp;&nbsp;&nbsp;\n🚀  <a href=\"https://mphute.github.io/papers/llm-self-defense\"> Project Page</a> &nbsp;&nbsp;&nbsp;&nbsp; \n\n<p align=\"center\">\n    <img src=\"imgs/crown-jewel.png\" alt=\"drawing\" width=\"60%\"/>\n</p>\n\nLarge language models (LLMs) are popular for high-quality text generation but can produce harmful content, even when aligned with human values through reinforcement learning. Adversarial prompts can bypass their safety measures. We propose LLM SELF DEFENSE, a simple approach to defend against these attacks by having an LLM screen the induced responses. Our method does not require any fine-tuning, input preprocessing, or iterative output generation. Instead, we incorporate the generated content into a pre-defined prompt and employ another instance of an LLM to analyze the text and predict whether it is harmful. We test LLM SELF DEFENSE on GPT 3.5 and Llama 2, two of the current most prominent LLMs against various types of attacks, such as forcefully inducing affirmative responses to prompts and prompt engineering attacks. Notably, LLM SELF DEFENSE succeeds in reducing the attack success rate to virtually 0 using both GPT 3.5 and Llama 2.\n\n## News\n\n- 📄  Accepted to ICLR TinyPapers 2024\n- ⭐ Highlighted in ACL 2024 Tutorial: [*Vulnerabilities of Large Language Models to Adversarial Attacks*](https://llm-vulnerability.github.io)\n- 🚀 Deployed at ADP, The largest payroll company in the world\n\n## Getting Started\n\n### Environment Setup\n\nCreate a virtual envirmonemt witht he following command \n\n```conda create --name llmdefense python=3.9 --file requirements.txt```\n\n\n### API Keys and logins\n\nIn ```harm_filter.py``` if you are using GPT 3.5 add the  ```OPENAI_API_KEY``` on line 71\n\nYou might also need to login to your huggingface account to access Llama weights using the following command\n\n```huggingface-cli login```\n\n### Evaluation\n\nRun the following command\n\n```python3 harm_filter.py```\n\nYou can test your own data by modifying the ```DATA_PATH``` variable, and change the model used as harm filter by changing the ```HARMFILTER_MODEL``` \n\n\n\n## Citation\n```bibtex\n@article{phute2023llm,\n  title={Llm self defense: By self examination, llms know they are being tricked},\n  author={Phute, Mansi and Helbling, Alec and Hull, Matthew and Peng,ShengYun and Szyller,Sebastian and Cornelius,Cory and Chau, Duen Horng},\n  journal={arXiv preprint arXiv:2308.07308},\n  year={2023}\n}\n```\n\n## Contact\nIf you have any questions, feel free to open an issue or contact [Mansi Phute](https://mphute.github.io) (CS MS @Georgia Tech).","github_created_at":"2024-03-08T17:54:20+00:00","created_at":"2026-07-11T23:41:31.771896+00:00","updated_at":"2026-07-12T08:20:49.137553+00:00","categories":[{"slug":"developer-tools","name":"Developer Tools","url":"https://www.graphcanon.com/categories/developer-tools","markdown_url":"https://www.graphcanon.com/categories/developer-tools.md","api_url":"https://www.graphcanon.com/api/graphcanon/categories/developer-tools"},{"slug":"inference-serving","name":"Inference & Serving","url":"https://www.graphcanon.com/categories/inference-serving","markdown_url":"https://www.graphcanon.com/categories/inference-serving.md","api_url":"https://www.graphcanon.com/api/graphcanon/categories/inference-serving"},{"slug":"llm-frameworks","name":"LLM Frameworks","url":"https://www.graphcanon.com/categories/llm-frameworks","markdown_url":"https://www.graphcanon.com/categories/llm-frameworks.md","api_url":"https://www.graphcanon.com/api/graphcanon/categories/llm-frameworks"}],"tags":[{"slug":"python","name":"python"}],"trust":{"provenance":{"is_fork":false,"github_id":769276768,"owner_type":"Organization","methodology":"github_public_v1","parent_repo":null,"near_duplicate_slugs":[]},"computed_at":"2026-07-11T23:41:34.098Z","maintenance":{"label":"Dormant","score":18,"methodology":"github_public_v1","releases_90d":0,"days_since_push":781,"last_release_at":null},"security_summary":{"status":"findings","scanner":"osv@v1","low_count":157,"high_count":0,"last_scan_at":"2026-07-11T23:41:34.767Z","medium_count":0,"scan_profile":"deps","critical_count":0}},"capability_facts":{"scan":{"source":"repo_scan","observed_at":"2026-07-11T23:41:33.705Z"},"languages":{"value":["python"],"source":"github.language","observed_at":"2026-07-11T23:41:33.705Z"},"license_spdx":{"value":"BSD-3-Clause","source":"github.license","observed_at":"2026-07-11T23:41:33.705Z"}}}}