Skip to content
Sagan

Paper

Safety Context Injection: Inference-Time Safety Alignment via Static Filtering and Agentic Analysis

Unreadunread

AI summary

The authors propose Safety Context Injection (SCI), an inference-time safety framework for black-box reasoning models where you can't modify weights. SCI separates safety assessment from generation: an external module produces a structured risk report (the "safety context"), which is prepended to the user's prompt for the protected model. Two variants are offered—Static Model Filtering (SMF) for fast one-pass guarding, and Dynamic Agents Filtering (DAF), an iterative agentic loop that gathers and synthesizes evidence for ambiguous or long-context jailbreaks. Both variants reduce attack success rate and toxicity on AdvBench and GPTFuzz across base and reasoning models under five jailbreak families.

Main takeaways:

  • Addresses the "thinking–output gap" where a reasoning model appears cautious during chain-of-thought but still emits an unsafe final answer
  • Static Model Filtering (SMF) is a lightweight one-pass guard for low-latency deployment
  • Dynamic Agents Filtering (DAF) uses an agentic loop to iteratively gather evidence, effective when harmful intent is disguised or dispersed across long contexts
  • Evaluated on AdvBench and GPTFuzz under five jailbreak families (base and reasoning models); both variants lower attack success rate and toxicity
  • Operates at inference time in black-box settings, injecting an external safety report as context rather than retraining