Rule Based Rewards for Language Model Safety

This figure illustrates the process of combining Rule-Based Rewards (RBRs) with a helpful-only reward model (RM) during reinforcement learning (RL) training. The RBR, a linear model of fitted weights and features, receives only safety-relevant prompts as input and adds a score to the helpful-only RM score for each completion. Only safety-relevant prompts are sent to the RBR, while all prompts are fed into the RM. The combined scores from the RBR and RM are used as the total reward to update the policy model, which aims to produce higher reward completions.

This figure demonstrates the effectiveness of combining Rule-Based Rewards (RBRs) with a helpful-only reward model (RM) for improving the safety and helpfulness of language model responses. Panel (a) shows histograms comparing reward score distributions for different model setups (helpful-only RM, RBR+RM, and RBR-only) on ‘Hard Refuse’ prompts. The RBR+RM combination shows a clear separation and better ranking of completions compared to the helpful-only RM, indicating a more refined reward signal for safety. Panel (b) displays error rates (percentage of times a non-ideal completion is ranked above the ideal one) across different response types and model configurations. The RBR significantly reduces error rates, highlighting its role in enhancing the accuracy and precision of safety-related responses.

This figure shows the trade-off between usefulness (not over-refusing safe prompts) and safety (not generating unsafe content) for different models. The x-axis represents safety (measured as the percentage of responses that do not contain disallowed content), and the y-axis represents usefulness (measured as the percentage of safe prompts that are not refused). Each point represents a different model: Helpful-PPO, Human-PPO, RBR-PPO, RBR-SFT, and Human-SFT. The figure highlights the ability of the RBR approach to achieve a good balance between safety and usefulness, outperforming other models.

This figure illustrates the process of synthetic data generation for training the Rule-Based Reward (RBR) model. It starts with a behavior policy defining desired model behaviors, which are broken down into individual binary propositions (e.g., ‘apology’, ‘judgmental’). These propositions are used to create instructions for a large language model (LLM) to generate completions, labeled with the truthiness of each proposition. These labeled completions are used to create two datasets: a ‘Gold Set’ used for tuning the LLM’s classification prompts, and ‘RBR Weight Fitting Data’, used for training the RBR model itself. The resulting RBR model can then be integrated into a reinforcement learning (RL) pipeline for fine-tuning LLMs.

This figure shows the effectiveness of combining Rule-Based Rewards (RBRs) with a helpfulness reward model in tuning the model’s safety behavior. Panel (a) compares reward score distributions for a helpfulness-only model versus one that incorporates RBRs. The histograms show that the combined model better separates desired (ideal) and undesired (bad, disallowed) completions. Panel (b) shows that the combined model significantly reduces the error rate—the frequency with which a non-ideal completion is ranked higher than an ideal one.

This figure shows the trade-off between usefulness and safety for several different model training approaches. The x-axis represents ‘Safety (Not Unsafe)’, indicating the percentage of responses that do not contain disallowed content. The y-axis represents ‘Usefulness (Not Overrefuse)’, showing the percentage of responses that are not refusals when a helpful response was expected. Each point represents a model trained with a different method. The results highlight the balance between safety and usefulness that needs to be considered when training language models. RBR-PPO represents the model trained with the Rule Based Rewards method, which aims to optimize this balance. Human-PPO shows the model trained solely on human feedback and Helpful-PPO with only helpful data. RBR-Fixed variants show the outcomes of using fixed values in weights for the RBR.

This figure shows the effectiveness of combining Rule-Based Rewards (RBRs) with a helpful reward model in tuning a language model’s safety behavior. The left panel (a) compares reward score distributions for a helpful-only reward model versus one incorporating RBRs, demonstrating improved separation between ideal, less good, and unacceptable completions for refusals. The right panel (b) shows error rates – the frequency of non-ideal completions outranking ideal ones – significantly reduced by using the combined reward.

This figure shows the effectiveness of combining Rule-Based Rewards (RBRs) with a helpfulness reward model in tuning a language model’s safety behavior. Panel (a) compares reward score distributions for a helpfulness-only model versus the combined model. The combined model shows better separation between ideal, slightly bad, and very bad responses. Panel (b) demonstrates that the combined model significantly reduces the error rate (instances where a non-ideal response is ranked higher than an ideal one) compared to the helpfulness-only model.

This figure shows the effectiveness of combining rule-based rewards (RBRs) with a helpfulness reward model in tuning a language model’s safety behavior. Subfigure (a) compares reward score distributions for a helpful-only model versus one incorporating RBRs, demonstrating improved separation between ideal, slightly bad, and very bad responses for safety-critical prompts. Subfigure (b) quantifies this improvement by showing a lower error rate (fewer instances of non-ideal responses ranked higher than ideal responses) when using the combined reward model.

This table summarizes the three datasets used in training the Rule-Based Rewards (RBR) model. It specifies whether each dataset is human-labeled or automatically generated, the size of the dataset, and a brief description of its contents. The Ps dataset contains safety-relevant prompts, the Gold dataset is a small set of human-labeled data for tuning the classification prompts for the RBR model, and the DRBR dataset is synthetically generated data for fitting the RBR weights.

This table presents the results of safety evaluations performed using both internal automated metrics and human evaluations. It compares three different model training approaches: Helpful-PPO (a baseline using only helpful data), Human-PPO (a baseline incorporating human-labeled safety data), and RBR-PPO (the proposed method using rule-based rewards). The metrics evaluated include Not-Unsafe (percentage of completions without unsafe content), Not-Overrefuse (percentage of safe prompts not refused), and an F1-score combining both safety and usefulness metrics. The results show that RBR-PPO achieves a good balance between safety and usefulness compared to the baselines.

This table presents the results of safety and capability evaluations on three different models: Helpful-only, Human-feedback, and RBR-trained models. The safety evaluations are conducted on two datasets, XSTest and WildChat, measuring over-refusal and unsafe content respectively, using both automated and manual metrics (Not-Overrefuse and Not-Unsafe). Capability is assessed on four standard benchmarks: MMLU, Lambada, HellaSwag, and GPQA. The results highlight the trade-off between safety and capability, showcasing the RBR model’s ability to balance safety and functionality.

This table shows the propositions used in the Rule-Based Reward (RBR) system for each completion type (Hard Refusal, Soft Refusal, Comply) and class (Ideal, Minimum Acceptable Style, Unacceptable Completion, Illogical Completion, Disallowed Completion). For each proposition, the table indicates whether it’s desired (+) or undesired for each class. It also notes the total number of propositions and features used in the weight fitting process. The table helps to understand the fine-grained control exerted by the RBR system over different aspects of the model’s response.

This table presents the breakdown of the number of prompts used for training and testing in different response types (Comply, Hard Refuse, and Soft Refuse). It shows the counts from the human baseline, the RBR training data (which uses automatically generated labels), and the agreement rate between human and automatically generated labels. Finally, it shows how many prompts in each type were used for creating the Gold set for prompt tuning.

This table shows example response types that are expected based on the content and behavior policies defined in the paper. It breaks down several content areas (Erotic, Criminal Advice, Hate Speech, Self-Harm) and shows, for each, different response types (Comply, Hard Refuse, Soft Refuse) with example responses. The table illustrates how the model’s response should vary depending on the type of user request and the predefined safety guidelines.

This table presents the detailed results for the key metrics (Refusal-Style, Not-Overrefuse, Not-Unsafe, F1-Score) from several model training approaches. It compares the performance of different methods, including baselines (Helpful-SFT, Human-SFT, Old Data-SFT), standard RLHF (Helpful-PPO, Human-PPO, Old Data-PPO), and the proposed RBR method (RBR-PPO, HumanRM+RBR PPO, Human-matchRBR-PPO, Old Data+RBR-PPO). It also includes ablation study results (RBR-Fixed1-PPO, RBR-Fixed10-PPO, SFTOnly-noRBR-PPO, RBR-noRM-PPO, RBR-noSFT-PPO) to analyze the impact of different design choices. The results shown are averages across multiple checkpoints with standard errors, offering a comprehensive evaluation of various aspects of model safety and helpfulness.

This table details the experimental settings used in the paper. It specifies the model size (Large, Medium, Small, XSmall), the type of SFT data used (Helpful, Helpful, Human, Synthetic, Old Safety, Limited Human), the reward model used (Helpful, Human, RBR, Old Safety), the PPO prompts used (Helpful, Safety), and any additional notes on the experiment (Baseline, Human Data Baseline, RBRs, Outdated safety data, Matches RBR data size, No RBR used, No safety SFT data, No RM score for safety prompts, Safety prompts are fixed, amount may vary). The table is divided into two parts: main experiments and ablation studies. The ablation studies examine the effects of changing various aspects of the training process, such as the type and amount of data used, the reward model, and the inclusion or exclusion of safety RBRs.

This table breaks down the number of prompts per response type (Comply, Hard Refuse, Soft Refuse) used in the training and testing sets for both the PPO (reinforcement learning) and RBR (rule-based reward) models. It shows the number of prompts with human-provided labels, automatically generated labels, and the agreement rate between the two labeling methods. The table also indicates the number of prompts from the human-labeled Gold set, used for tuning the classification prompts for RBRs.

This table provides examples of model responses to different prompt types (Comply, Hard Refusal, Soft Refusal) from three different model setups: Helpful-PPO Baseline, Human-PPO Baseline, and RBR-PPO. It illustrates how the models respond to requests that should be complied with, those that require a strong refusal due to safety concerns, and those that should receive an empathetic but firm refusal. The ‘Ideal’ column indicates whether the response is considered the ideal response according to the paper’s criteria.

This table presents the quantitative results of several experiments comparing different model training methods. It shows the performance metrics (Refusal-Style, Not-Overrefuse, Not-Unsafe, and F1-Score) for each model, highlighting the differences in safety and helpfulness across various approaches (e.g., Helpful-Only, Human, and RBR-based models). The F1-score is particularly important as it balances safety and usefulness. The table also includes results for ablation studies investigating the impact of varying training parameters and data sources.

This table presents the raw numerical results from several experiments comparing different model configurations. It includes standard errors for each metric, allowing for a better understanding of the variability in the results. The models being compared include baselines using only helpful data, models trained with human safety data, and models utilizing the Rule-Based Rewards (RBR) method. The metrics evaluated are related to safety (e.g., avoiding unsafe content, not over-refusing), refusal style, and the F1 score which combines safety and usefulness.

This table lists the propositions used in the Rule-Based Rewards (RBR) system for classifying different completion types (Hard Refusal, Soft Refusal, Comply) into classes based on the presence or absence of specific features. Each proposition represents a characteristic of the model’s response (e.g., contains an apology, uses threatening language, provides resources). The table shows whether each proposition is considered ‘desired’ or ‘undesired’ for each class. This helps define the desired behavior of the model for various situations.

This table shows the propositions used in the Rule-Based Reward (RBR) system, categorized by their desirability for each of the three completion types (Hard Refusal, Soft Refusal, Comply). It indicates whether each proposition is considered acceptable, undesirable, required, or a feature used for weight fitting. The table also provides the total number of propositions used for each completion type and the total number of features used in the RBR weight fitting process.

This table presents the accuracy of proposition evaluation for different model sizes (XSmall, Small, Medium, Large). Each row represents a proposition (e.g., ‘Apology,’ ‘Disallowed Content’), and the columns show the accuracy of that proposition’s classification for each model size. The accuracy is expressed as a percentage with a standard error. The table illustrates how the accuracy of identifying various aspects of model responses improves as the model size increases.