CALM: Curiosity-Driven Auditing for Large Language Models

Xiang Zheng; Longxiang Wang; Yi Liu; Xingjun Ma; Chao Shen; Cong Wang

doi:10.1609/aaai.v39i26.34991

CALM: Curiosity-Driven Auditing for Large Language Models

Xiang Zheng
, Longxiang Wang
, Yi Liu
, Xingjun Ma
, Chao Shen
, Cong Wang

Faculty of Electronic and Information Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Auditing Large Language Models (LLMs) is a crucial and challenging task. In this study, we focus on auditing black-box LLMs without access to their parameters, only to the provided service. We treat this type of auditing as a black-box optimization problem where the goal is to automatically uncover input-output pairs of the target LLMs that exhibit illegal, immoral, or unsafe behaviors. For instance, we may seek a nontoxic input that the target LLM responds to with a toxic output or an input that induces the hallucinative response from the target LLM containing politically sensitive individuals. This black-box optimization is challenging due to the scarcity of feasible points, the discrete nature of the prompt space, and the large search space. To address these challenges, we propose Curiosity-Driven Auditing for Large Language Models (CALM), which uses intrinsically motivated reinforcement learning to finetune an LLM as the auditor agent to uncover potential harmful and biased input-output pairs of the target LLM. CALM successfully identifies derogatory completions involving celebrities and uncovers inputs that elicit specific names under the black-box setting. This work offers a promising direction for auditing black-box LLMs. Content warning: Please note that this paper includes examples that may be offensive.

Original language	English
Title of host publication	Special Track on AI Alignment
Editors	Toby Walsh, Julie Shah, Zico Kolter
Publisher	Association for the Advancement of Artificial Intelligence
Pages	27757-27764
Number of pages	8
Edition	26
ISBN (Electronic)	157735897X, 157735897X, 157735897X, 157735897X, 157735897X, 157735897X, 157735897X, 157735897X, 157735897X, 157735897X, 157735897X, 157735897X, 157735897X, 157735897X, 157735897X, 157735897X, 157735897X, 157735897X, 157735897X, 157735897X, 157735897X, 157735897X, 157735897X, 157735897X, 157735897X, 157735897X, 157735897X, 157735897X, 9781577358978, 9781577358978, 9781577358978, 9781577358978, 9781577358978, 9781577358978, 9781577358978, 9781577358978, 9781577358978, 9781577358978, 9781577358978, 9781577358978, 9781577358978, 9781577358978, 9781577358978, 9781577358978, 9781577358978, 9781577358978, 9781577358978, 9781577358978, 9781577358978, 9781577358978, 9781577358978, 9781577358978, 9781577358978, 9781577358978, 9781577358978, 9781577358978
DOIs	https://doi.org/10.1609/aaai.v39i26.34991
State	Published - 11 Apr 2025
Event	39th Annual AAAI Conference on Artificial Intelligence, AAAI 2025 - Philadelphia, United States Duration: 25 Feb 2025 → 4 Mar 2025

Publication series

Name	Proceedings of the AAAI Conference on Artificial Intelligence
Number	26
Volume	39
ISSN (Print)	2159-5399
ISSN (Electronic)	2374-3468

Conference

Conference	39th Annual AAAI Conference on Artificial Intelligence, AAAI 2025
Country/Territory	United States
City	Philadelphia
Period	25/02/25 → 4/03/25

Access to Document

10.1609/aaai.v39i26.34991

Cite this

Zheng, X., Wang, L., Liu, Y., Ma, X., Shen, C., & Wang, C. (2025). CALM: Curiosity-Driven Auditing for Large Language Models. In T. Walsh, J. Shah, & Z. Kolter (Eds.), Special Track on AI Alignment (26 ed., pp. 27757-27764). (Proceedings of the AAAI Conference on Artificial Intelligence; Vol. 39, No. 26). Association for the Advancement of Artificial Intelligence. https://doi.org/10.1609/aaai.v39i26.34991

@inproceedings{6dcc55b4b518468082926cade633b9e6,

title = "CALM: Curiosity-Driven Auditing for Large Language Models",

abstract = "Auditing Large Language Models (LLMs) is a crucial and challenging task. In this study, we focus on auditing black-box LLMs without access to their parameters, only to the provided service. We treat this type of auditing as a black-box optimization problem where the goal is to automatically uncover input-output pairs of the target LLMs that exhibit illegal, immoral, or unsafe behaviors. For instance, we may seek a nontoxic input that the target LLM responds to with a toxic output or an input that induces the hallucinative response from the target LLM containing politically sensitive individuals. This black-box optimization is challenging due to the scarcity of feasible points, the discrete nature of the prompt space, and the large search space. To address these challenges, we propose Curiosity-Driven Auditing for Large Language Models (CALM), which uses intrinsically motivated reinforcement learning to finetune an LLM as the auditor agent to uncover potential harmful and biased input-output pairs of the target LLM. CALM successfully identifies derogatory completions involving celebrities and uncovers inputs that elicit specific names under the black-box setting. This work offers a promising direction for auditing black-box LLMs. Content warning: Please note that this paper includes examples that may be offensive.",

author = "Xiang Zheng and Longxiang Wang and Yi Liu and Xingjun Ma and Chao Shen and Cong Wang",

note = "Publisher Copyright: Copyright {\textcopyright} 2025, Association for the Advancement of Artificial Intelligence (www.aaai.org). All rights reserved.; 39th Annual AAAI Conference on Artificial Intelligence, AAAI 2025 ; Conference date: 25-02-2025 Through 04-03-2025",

year = "2025",

month = apr,

day = "11",

doi = "10.1609/aaai.v39i26.34991",

language = "英语",

series = "Proceedings of the AAAI Conference on Artificial Intelligence",

publisher = "Association for the Advancement of Artificial Intelligence",

number = "26",

pages = "27757--27764",

editor = "Toby Walsh and Julie Shah and Zico Kolter",

booktitle = "Special Track on AI Alignment",

edition = "26",

}

Zheng, X, Wang, L, Liu, Y, Ma, X, Shen, C & Wang, C 2025, CALM: Curiosity-Driven Auditing for Large Language Models. in T Walsh, J Shah & Z Kolter (eds), Special Track on AI Alignment. 26 edn, Proceedings of the AAAI Conference on Artificial Intelligence, no. 26, vol. 39, Association for the Advancement of Artificial Intelligence, pp. 27757-27764, 39th Annual AAAI Conference on Artificial Intelligence, AAAI 2025, Philadelphia, United States, 25/02/25. https://doi.org/10.1609/aaai.v39i26.34991

CALM: Curiosity-Driven Auditing for Large Language Models. / Zheng, Xiang; Wang, Longxiang; Liu, Yi et al.
Special Track on AI Alignment. ed. / Toby Walsh; Julie Shah; Zico Kolter. 26. ed. Association for the Advancement of Artificial Intelligence, 2025. p. 27757-27764 (Proceedings of the AAAI Conference on Artificial Intelligence; Vol. 39, No. 26).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - CALM

T2 - 39th Annual AAAI Conference on Artificial Intelligence, AAAI 2025

AU - Zheng, Xiang

AU - Wang, Longxiang

AU - Liu, Yi

AU - Ma, Xingjun

AU - Shen, Chao

AU - Wang, Cong

PY - 2025/4/11

Y1 - 2025/4/11

N2 - Auditing Large Language Models (LLMs) is a crucial and challenging task. In this study, we focus on auditing black-box LLMs without access to their parameters, only to the provided service. We treat this type of auditing as a black-box optimization problem where the goal is to automatically uncover input-output pairs of the target LLMs that exhibit illegal, immoral, or unsafe behaviors. For instance, we may seek a nontoxic input that the target LLM responds to with a toxic output or an input that induces the hallucinative response from the target LLM containing politically sensitive individuals. This black-box optimization is challenging due to the scarcity of feasible points, the discrete nature of the prompt space, and the large search space. To address these challenges, we propose Curiosity-Driven Auditing for Large Language Models (CALM), which uses intrinsically motivated reinforcement learning to finetune an LLM as the auditor agent to uncover potential harmful and biased input-output pairs of the target LLM. CALM successfully identifies derogatory completions involving celebrities and uncovers inputs that elicit specific names under the black-box setting. This work offers a promising direction for auditing black-box LLMs. Content warning: Please note that this paper includes examples that may be offensive.

AB - Auditing Large Language Models (LLMs) is a crucial and challenging task. In this study, we focus on auditing black-box LLMs without access to their parameters, only to the provided service. We treat this type of auditing as a black-box optimization problem where the goal is to automatically uncover input-output pairs of the target LLMs that exhibit illegal, immoral, or unsafe behaviors. For instance, we may seek a nontoxic input that the target LLM responds to with a toxic output or an input that induces the hallucinative response from the target LLM containing politically sensitive individuals. This black-box optimization is challenging due to the scarcity of feasible points, the discrete nature of the prompt space, and the large search space. To address these challenges, we propose Curiosity-Driven Auditing for Large Language Models (CALM), which uses intrinsically motivated reinforcement learning to finetune an LLM as the auditor agent to uncover potential harmful and biased input-output pairs of the target LLM. CALM successfully identifies derogatory completions involving celebrities and uncovers inputs that elicit specific names under the black-box setting. This work offers a promising direction for auditing black-box LLMs. Content warning: Please note that this paper includes examples that may be offensive.

UR - https://www.scopus.com/pages/publications/105004022598

U2 - 10.1609/aaai.v39i26.34991

DO - 10.1609/aaai.v39i26.34991

M3 - 会议稿件

AN - SCOPUS:105004022598

T3 - Proceedings of the AAAI Conference on Artificial Intelligence

SP - 27757

EP - 27764

BT - Special Track on AI Alignment

A2 - Walsh, Toby

A2 - Shah, Julie

A2 - Kolter, Zico

PB - Association for the Advancement of Artificial Intelligence

Y2 - 25 February 2025 through 4 March 2025

ER -

CALM: Curiosity-Driven Auditing for Large Language Models

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this