🚨 You can bypass ALL safety guardrails of GPT-OSS-120B 🚨❗🤯 How? By detecting behavior-associated experts and switching them on/off. 📄 Steering MoE LLMs via Expert (De)Activation 🔗 https://t.co/U2YRyXon4H 🧵👇

This paper shows Mixture of Experts (MoE) models share language-neutral experts in middle layers, and steering routers boosts multilingual reasoning. Means a tiny test-time change boosts many languages with almost no cost, by steering toward shared middle experts that predict

Multilingual Routing in Mixture-of-Experts LLMs We present (1) an in-depth analysis of how MoE LLMs route multilingual texts, with very clear patterns + (2) a router intervention (steering) method that leads to consistent multilingual improvements! 🧵1/4

One of my most exciting results lately! We identify experts in MoE models for properties like safety and faithfulness, and steer them to improve/hurt model faithfulness and safety. Most shockingly, with stearMoE, we can jailbreak 100% safety guardrails for open models. Details 👇

📄 Steering MoE LLMs via Expert (De)Activation 🔗 https://t.co/U2YRyXnPf9 💻 https://t.co/xJAIgfOQ2G This work was my internship project at @AdobeResearch, with an amazing team: @AModarressi, @haniehsalehy, @f_dernoncourt, Ryan Rossi, @bhtrung, @HinrichSchuetze, and @VioletNPeng

💡 TL;DR: 1️⃣ MoE “experts” don’t just handle vocab or domains, they encode behaviors (safety, faithfulness, ...). 2️⃣ Flip them on/off at inference to steer the model. 3️⃣ SteerMoE exposes a new dimension of safety alignment faking hidden within experts.

🔥 But here’s the twist: Jailbreak prompts often get blocked by newer guardrails. But if you disable safety-linked experts… 💥 Attack Success Rate hits 💯% 💥 → Safety post-training only aligns a small subnetwork of the model, leaving alternate paths unsafe. (Alignment Faking)

🎯 Want to reduce hallucinations in RAG? ➡️ Steer toward retrieved document faithfulness. 🛡️ Want safer outputs? ➡️ Steer toward safety-linked experts.

Our method is simple: ⚖️ Compare expert activations between paired inputs (e.g., safe vs unsafe completions) 📊 Measure activation differences ✅ Use that to steer behavior at test time by routing through or around key experts.

Modern MoE (Mixture-of-Experts) LLMs (e.g., Qwen3, DeepSeek, GPT-OSS) activate a small subset of expert subnetworks per token. But what if we could control which ones get activated? What if we could steer the model… at test time? 🧭

@mohsen_fayyaz's recent work showed several critical issues of dense retrievers favoring spurious correlations over knowledge, which makes RAG particularly vulnerable to adversarial examples. Check out more details 👇

Now accepted to #ACL2025 main conference! 🎉

Dense retrieval models in Retrieval Augmented Generation systems often prioritize superficial document features, overlooking actual answer relevance. This inefficiency arises from biases in retrievers. This paper addresses this by using controlled experiments based on Re-DocRED

the takeaway? we need robust retrievers that prioritize answer relevance, not just heuristic shortcuts. work with an amazing team: @AModarressi, @HinrichSchuetze, @VioletNPeng paper: https://t.co/D9mVT22Pgj dataset:

we also analyze RAG: biased retrievers can mislead LLMs, degrading their performance by 34%—worse than retrieving nothing! 😮

when multiple biases combine, retrievers fail catastrophically: 📉 Answer-containing docs ranked <3% of the time over a synthetic biased doc with no answer!

dense retrievers are crucial for RAG and search, but do they actually retrieve useful evidence? 🤔 we design controlled experiments by repurposing a relation extraction dataset, exposing serious flaws in models like Dragon+ and Contriever.

new paper! 🌱 Collapse of Dense Retrievers We uncover major vulnerabilities in dense retrievers like Contriever, showing they favor: 📌 Shorter docs 📌 Early positions 📌 Repeated entities 📌 Literal matches ...all while ignoring the answer's presence! https://t.co/QZFyCLqP0P

Excited to share MRAG-Bench is accepted at #ICLR2025 🇸🇬. The image corpus is a rich source of information, and extracting knowledge from it can often be more advantageous than from a text corpus. We study how MLLMs can utilize vision-centric multimodal knowledge. More in our

🚀Introducing MRAG-Bench: How do Large Vision-Language Models utilize vision-centric multimodal knowledge? 🤔Previous multimodal knowledge QA benchmarks can mainly be solved by retrieving text knowledge.💥We focus on scenarios where retrieving knowledge from image corpus is more