TLDR: TRUSTVIS is an automated framework designed to comprehensively evaluate the trustworthiness of Large Language Models (LLMs) by integrating safety and robustness assessments. It uses an interactive interface to visualize metrics, employs perturbation methods like AutoDAN, and applies majority voting across various evaluation methods for reliable results. This framework makes complex evaluations accessible, enabling users to identify safety and robustness vulnerabilities and empowering targeted model improvements.
As Large Language Models (LLMs) become increasingly integrated into our daily lives, from complex reasoning to content generation, concerns about their trustworthiness—especially regarding safety and robustness—have grown significantly. While existing evaluation methods often look at these issues in isolation, a new framework called TRUSTVIS aims to provide a more comprehensive and interconnected assessment.
Addressing the Trustworthiness Gap
Current approaches to evaluating LLMs often treat safety and robustness as separate problems. This narrow focus can miss critical vulnerabilities, such as a model appearing safe under normal conditions but generating harmful content when its input prompts are slightly altered. Furthermore, many commercial evaluation platforms, while user-friendly, can lack the transparency needed for rigorous scientific validation, often using proprietary methods that make results hard to reproduce or compare.
TRUSTVIS steps in to bridge these gaps. It’s an automated evaluation framework designed to assess LLM trustworthiness through the combined lenses of safety and robustness. Instead of viewing them separately, TRUSTVIS uses adversarial prompt perturbations as a direct stress test on safety protocols, revealing how reliably a model maintains safe behavior even under attack.
How TRUSTVIS Works
The framework operates through a four-stage backend process and an intuitive frontend interface:
Backend Design:
- Users upload their target LLM and a dataset for evaluation.
- Prompt-response pairs generated by the LLM are automatically categorized using the MLCommons Taxonomy, a standardized framework for classifying safety-related risks.
- TRUSTVIS evaluates both safety and robustness using predefined metrics. For safety, it employs prompts from established benchmarks like Do-Not-Answer (DNA) and ALERT, and uses an ensemble of safeguard models (LlamaGuard, LlamaGuard2, and a fine-tuned Longformer) with a majority voting scheme to ensure reliable safety labeling. For robustness, it adopts the AutoDAN method, which uses Genetic Algorithms to craft adversarial suffixes. These suffixes are added to benign prompts to try and induce harmful behavior. If a previously safe response becomes unsafe after perturbation, it signals a lack of robustness.
- Finally, the results are compiled into an interactive visual report.
Frontend Design:
The user interface is designed for accessibility, guiding users from a high-level overview to detailed analyses. It features a summary dashboard with overall safety scores, local analysis sections that highlight specific safety taxonomies where the LLM is vulnerable, and interactive visualizations like dynamic charts and graphs. These tools help users quickly identify areas of concern and understand problematic responses without needing to write any code.
Also Read:
- Evaluating AI Performance in Finance: A New Framework for Mitigating Metric Risks
- Uncovering Hidden Dangers: A New Approach to Red-Teaming LLMs with Web Search
Preliminary Findings and Usability
Preliminary evaluations of models like Vicuna-7b, GPT-3.5, and LLaMA-2-7B demonstrated TRUSTVIS’s effectiveness in identifying both safety risks and robustness vulnerabilities. For instance, the framework revealed that while GPT-3.5 showed weaknesses in handling sexual content, Vicuna-7b struggled with privacy and sexual content. In robustness tests, models were particularly susceptible to adversarial manipulation related to violent and non-violent crimes.
A key aspect of TRUSTVIS is its usability. The entire evaluation process is streamlined into just a few clicks—uploading the model and dataset, configuring parameters, running the evaluation, and viewing the report—making complex safety and robustness assessments accessible to users without requiring coding skills.
By integrating safety and robustness assessments into a unified, transparent, and user-friendly platform, TRUSTVIS offers a valuable tool for both researchers and industry practitioners looking to build more trustworthy LLMs. For more details, you can refer to the full research paper here.
