defense 2025

Between a Rock and a Hard Place: The Tension Between Ethical Reasoning and Safety Alignment in LLMs

Shei Pern Chua 1, Zhen Leng Thai 1, Kai Jun Teh 1, Xiao Li 2, Qibing Ren 3, Xiaolin Hu 1

0 citations

Published on arXiv: 2509.05367

Prompt Injection

OWASP LLM Top 10 — LLM01

Key Finding

TRIAL achieves high attack success rates against most tested LLMs by exploiting ethical reasoning pathways, while ERR robustly mitigates reasoning-based jailbreaks with minimal alignment tax on benign queries.

TRIAL / ERR (Layer-Stratified Harm-Gated LoRA)

Novel technique introduced


Large Language Model safety alignment predominantly operates on a binary assumption that requests are either safe or unsafe. This classification proves insufficient when models encounter ethical dilemmas, where the capacity to reason through moral trade-offs creates a distinct attack surface. We formalize this vulnerability through TRIAL, a multi-turn red-teaming methodology that embeds harmful requests within ethical framings. TRIAL achieves high attack success rates across most tested models by systematically exploiting the model's ethical reasoning capabilities to frame harmful actions as morally necessary compromises. Building on these insights, we introduce ERR (Ethical Reasoning Robustness), a defense framework that distinguishes between instrumental responses that enable harmful outcomes and explanatory responses that analyze ethical frameworks without endorsing harmful acts. ERR employs a Layer-Stratified Harm-Gated LoRA architecture, achieving robust defense against reasoning-based attacks while preserving model utility.


Key Contributions

  • TRIAL: a multi-turn red-teaming methodology that exploits LLMs' ethical reasoning by embedding harmful requests within trolley-problem-style dilemmas, achieving high attack success rates across open- and closed-source models
  • Mechanistic interpretability analysis demonstrating that LLMs internally detect harm in early layers but suppress safety signals via ethical reasoning circuits, validating the shallow alignment hypothesis
  • ERR: a Layer-Stratified Harm-Gated LoRA architecture that dynamically gates safety adapters at critical intermediate layers to distinguish instrumental (harmful, actionable) from explanatory (analytic, non-endorsing) responses

🛡️ Threat Analysis


Details

Domains
nlp
Model Types
llm, transformer
Threat Tags
black_box, inference_time, targeted
Applications
llm safety alignment, conversational ai, red-teaming