Generative Pre-trained Transformer (GPT) models have exhibited exciting progress in their capabilities, capturing the interest of practitioners and the public alike. Yet, while the literature on the trustworthiness of GPT models remains limited, practitioners have proposed employing capable GPT models for sensitive applications such as healthcare and finance -- where mistakes can be costly. To this end, this work proposes a comprehensive trustworthiness evaluation for large language models with a focus on GPT-4 and GPT-3.5, considering diverse perspectives -- including toxicity, stereotype bias, adversarial robustness, out-of-distribution robustness, robustness on adversarial demonstrations, privacy, machine ethics, and fairness. Based on our evaluations, we discover previously unpublished vulnerabilities to trustworthiness threats. For instance, we find that GPT models can be easily misled to generate toxic and biased outputs and leak private information in both training data and conversation history. We also find that although GPT-4 is usually more trustworthy than GPT-3.5 on standard benchmarks, GPT-4 is more vulnerable given jailbreaking system or user prompts, potentially because GPT-4 follows (misleading) instructions more precisely. Our work illustrates a comprehensive trustworthiness evaluation of GPT models and sheds light on the trustworthiness gaps. Our benchmark is publicly available at https://decodingtrust.github.io/; our dataset can be previewed at https://huggingface.co/datasets/AI-Secure/DecodingTrust; a concise version of this work is at https://openreview.net/pdf?id=kaHpo8OZw2.