The paper introduces ExpGuard, a specialized guardrail model for moderating LLM content in financial, medical, and legal domains, addressing the limitations of general-purpose guardrails against domain-specific adversarial attacks. To train and evaluate ExpGuard, the authors created ExpGuardMix, a dataset of 58,928 labeled prompts and responses, including a high-quality test set annotated by domain experts. Experiments demonstrate that ExpGuard achieves competitive performance on general benchmarks and significantly outperforms state-of-the-art models like WildGuard in resilience to domain-specific adversarial attacks, with improvements of up to 8.9% in prompt classification and 15.3% in response classification.
LLM safety guardrails are surprisingly weak against domain-specific adversarial attacks in finance, medicine, and law, but ExpGuard closes the gap with a new model and dataset.
With the growing deployment of large language models (LLMs) in real-world applications, establishing robust safety guardrails to moderate their inputs and outputs has become essential to ensure adherence to safety policies. Current guardrail models predominantly address general human-LLM interactions, leaving LLMs vulnerable to harmful and adversarial content within domain-specific contexts, particularly those rich in technical jargon and specialized concepts. To address this limitation, we introduce ExpGuard, a robust and specialized guardrail model designed to protect against harmful prompts and responses across financial, medical, and legal domains. In addition, we present ExpGuardMix, a meticulously curated dataset comprising 58,928 labeled prompts from these sectors, each paired with corresponding refusal and compliant responses. This dataset is divided into two subsets: ExpGuardTrain, for model training, and ExpGuardTest, a high-quality test set annotated by domain experts to evaluate model robustness against technical and domain-specific content. Comprehensive evaluations conducted on ExpGuardTest and eight established public benchmarks reveal that ExpGuard delivers competitive performance across the board while demonstrating exceptional resilience to domain-specific adversarial attacks, surpassing state-of-the-art models such as WildGuard by up to 8.9% in prompt classification and 15.3% in response classification. To encourage further research and development, we open-source our code, data, and model, enabling adaptation to additional domains and supporting the creation of increasingly robust guardrail models.