SAFEDREAM Framework Proposes Early Jailbreak Detection for LLMs

A new research paper introduces SAFEDREAM, a framework designed to proactively detect multi-turn jailbreak attacks on large language models before harmful content is generated. The work addresses limitations in current safety methods, which often require costly modifications to model weights, evaluate conversational turns in isolation, and only identify attacks after compliance occurs. Multi-turn jailbreak attacks can achieve success rates over 90% by gradually eroding a model's safety alignment across seemingly harmless conversation turns. The proposed solution formulates a proactive early detection problem using a novel metric called detection lead, which measures how early an attack can be identified prior to the LLM's harmful response. SAFEDREAM operates as an external, lightweight module that avoids altering the underlying model's parameters. Its architecture includes a safety state world model that encodes the LLM's hidden states into a compact safety representation. The framework was detailed in a paper announced on arXiv with the identifier 2604.16824v1. Existing alignment-based techniques and guardrail methods are critiqued for their inability to model the cumulative nature of safety erosion across dialogue.