We introduce enhanced Constitutional Classifiers that deliver production-grade jailbreak robustness with dramatically reduced computational costs and refusal rates compared to previous-generation defenses. Our system combines several key insights. First, we develop exchange classifiers that evaluate model responses in their full conversational context, which addresses vulnerabilities in last-generation systems that examine outputs in isolation. Second, we implement a two-stage classifier cascade where lightweight classifiers screen all traffic and escalate only suspicious exchanges to more expensive classifiers. Third, we train efficient linear probe classifiers and ensemble them with external classifiers to simultaneously improve robustness and reduce computational costs. Together, these techniques yield a production-grade system achieving a 40x computational cost reduction compared to our baseline exchange classifier, while maintaining a 0.05% refusal rate on production traffic. Through extensive red-teaming comprising over 1,700 hours, we demonstrate strong protection against universal jailbreaks: no attack on this system successfully elicited responses to all eight target queries comparable in detail to an undefended model. Our work establishes Constitutional Classifiers as practical and efficient safeguards for large language models.
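The two-stage cascade described in the abstract can be sketched as follows. This is an added example, not code from the paper: the scorers, the `[RISKY]` markers, the thresholds and the per-call costs `c1`/`c2` are constructed assumptions chosen only to show how the escalation rate drives the cost saving.

```python
from dataclasses import dataclass
from typing import Callable, List, Tuple

Exchange = Tuple[str, str]  # (conversation context, model response)
Scorer = Callable[[Exchange], float]

@dataclass
class CascadeResult:
    blocked: List[bool]   # final decision per exchange
    escalated: int        # exchanges sent on to stage 2
    cost: float           # total compute units spent

def run_cascade(exchanges: List[Exchange], cheap: Scorer, expensive: Scorer,
                t1: float, t2: float, c1: float = 1.0, c2: float = 50.0) -> CascadeResult:
    """Stage 1 scores every exchange; only scores >= t1 reach stage 2."""
    blocked, escalated, cost = [], 0, 0.0
    for ex in exchanges:
        cost += c1
        if cheap(ex) < t1:
            # A stage-1 miss is final: stage 2 never sees this exchange,
            # so t1 must be tuned for recall, not precision.
            blocked.append(False)
            continue
        escalated += 1
        cost += c2
        blocked.append(expensive(ex) >= t2)
    return CascadeResult(blocked, escalated, cost)

def cost_reduction(result: CascadeResult, n: int, c2: float = 50.0) -> float:
    """Cost of running the expensive classifier on all n, over cascade cost."""
    return (n * c2) / result.cost

# Stand-in scorers (assumptions). Both read context and response together.
def cheap_scorer(ex: Exchange) -> float:
    return 1.0 if "[RISKY" in ex[0] + ex[1] else 0.0   # high recall, over-flags

def expensive_scorer(ex: Exchange) -> float:
    return 1.0 if "[RISKY-DETAIL]" in ex[1] else 0.0   # precise, costly

def sample_traffic() -> List[Exchange]:
    """Constructed traffic: 17 benign, 2 risky asks that were declined, 1 harmful."""
    benign = [("How do I sort a list?", "Use sorted().")] * 17
    declined = [("Tell me about [RISKY] topic", "I can't help with that.")] * 2
    harmful = [("Tell me about [RISKY] topic", "[RISKY-DETAIL] placeholder")]
    return benign + declined + harmful

if __name__ == "__main__":
    traffic = sample_traffic()
    res = run_cascade(traffic, cheap_scorer, expensive_scorer, t1=0.5, t2=0.5)
    print(res.escalated, sum(res.blocked), res.cost, cost_reduction(res, len(traffic)))
```

With these assumed costs the total is `n*c1 + escalated*c2`, so the saving comes entirely from keeping the escalation rate low while stage 1 still catches every exchange that stage 2 would block.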