Large language models (LLMs) are increasingly deployed for everyday tasks, including food preparation and health-related guidance. However, food safety remains a high-stakes domain where inaccurate or misleading information can cause severe real-world harm. Despite these risks, current LLMs and safety guardrails lack rigorous alignment tailored to domain-specific food hazards. To address this gap, we introduce FoodGuardBench, the first comprehensive benchmark comprising 3,339 queries grounded in FDA guidelines, designed to evaluate the safety and robustness of LLMs. By constructing a taxonomy of food safety principles and employing representative jailbreak attacks (e.g., AutoDAN and PAP), we systematically evaluate existing LLMs and guardrails. Our evaluation results reveal three critical vulnerabilities: First, current LLMs exhibit sparse safety alignment in the food-related domain, easily succumbing to a few canonical jailbreak strategies. Second, when compromised, LLMs frequently generate actionable yet harmful instructions, inadvertently empowering malicious actors and posing tangible risks. Third, existing LLM-based guardrails systematically overlook these domain-specific threats, failing to detect a substantial volume of malicious inputs. To mitigate these vulnerabilities, we introduce FoodGuard-4B, a specialized guardrail model fine-tuned on our datasets to safeguard LLMs within food-related domains.
翻译:大型语言模型(LLMs)日益被部署用于日常任务,包括食物准备和健康相关指导。然而,食品安全仍是一个高风险领域,不准确或误导性信息可能造成严重的现实危害。尽管存在这些风险,当前的LLMs和安全防护措施缺乏针对特定领域食品危害的严格对齐。为填补这一空白,我们提出了FoodGuardBench——首个包含3,339个基于FDA指南的查询的综合基准,旨在评估LLMs的安全性和鲁棒性。通过构建食品安全原理分类体系并采用代表性越狱攻击(如AutoDAN和PAP),我们系统评估了现有LLMs和防护措施。评估结果揭示了三个关键漏洞:首先,当前LLMs在食品相关领域的安全对齐稀疏,易受少数典型越狱策略影响;其次,一旦被攻破,LLMs常生成看似可行实则有害的指令,无形中助长恶意行为并带来实际风险;第三,现有基于LLM的防护措施系统性地忽视这些领域特定威胁,无法检测大量恶意输入。为缓解这些漏洞,我们提出了FoodGuard-4B——一个基于我们的数据集微调的专业防护模型,用于保障LLMs在食品相关领域的安全性。