Responsibility & Safety
Meta believes that an open approach to AI leads to better, safer products, faster innovation, and a bigger overall market. They are committed to Responsible AI development and have taken a series of steps to limit misuse and harm and to support the open-source community.
Foundation models are widely capable technologies that are built to be used for a diverse range of applications. They are not designed to meet every developer preference on safety levels for all use cases, out-of-the-box, as those by their nature will differ across different applications.
Rather, responsible LLM-application deployment is achieved by implementing a series of safety best practices throughout the development of such applications, from model pre-training and fine-tuning to the deployment of systems composed of safeguards that tailor safety specifically to the use case and audience.
As part of the Llama 3 release, they updated their Responsible Use Guide to outline the steps and best practices for developers to implement model and system-level safety for their application. Meta also provides a set of resources including Meta Llama Guard 2 and Code Shield safeguards. These tools have proven to drastically reduce residual risks of LLM Systems while maintaining a high level of helpfulness. They encourage developers to tune and deploy these safeguards according to their needs, and they provide a reference implementation to get you started.
Llama 3-Instruct
As outlined in the Responsible Use Guide, some trade-off between model helpfulness and model alignment is likely unavoidable. Developers should exercise discretion about how to weigh the benefits of alignment and helpfulness for their specific use case and audience. Developers should be mindful of residual risks when using Llama models and leverage additional safety tools as needed to reach the right safety bar for their use case.
Safety
For their instruction-tuned model, they conducted extensive red teaming exercises, performed adversarial evaluations, and implemented safety mitigation techniques to lower residual risks. As with any Large Language Model, residual risks will likely remain, and they recommend that developers assess these risks in the context of their use case. In parallel, they are working with the community to make AI safety benchmark standards transparent, rigorous, and interpretable.
Refusals
In addition to residual risks, Meta put great emphasis on model refusals to benign prompts. Over-refusing can not only impact the user experience but could even be harmful in certain contexts. They’ve heard the feedback from the developer community and improved their fine-tuning to ensure that Llama 3 is significantly less likely to falsely refuse to answer prompts than Llama 2.
Meta built internal benchmarks and developed mitigations to limit false refusals, making Llama 3 their most helpful model to date.
Responsible Release
In addition to the responsible use considerations outlined above, they followed a rigorous process that requires them to take extra measures against misuse and critical risks before they make their release decision.
Critical Risks
CBRNE (Chemical, Biological, Radiological, Nuclear, and high yield Explosives)
They have conducted a two-fold assessment of the safety of the model in this area:
- Iterative testing during model training to assess the safety of responses related to CBRNE threats and other adversarial risks.
- Involving external CBRNE experts to conduct an uplift test assessing the ability of the model to accurately provide expert knowledge and reduce barriers to potential CBRNE misuse, by reference to what can be achieved using web search (without the model).
Cyber Security
They have evaluated Llama 3 with CyberSecEval, Meta’s cybersecurity safety eval suite, measuring Llama 3’s propensity to suggest insecure code when used as a coding assistant, and Llama 3’s propensity to comply with requests to help carry out cyber attacks, where attacks are defined by the industry-standard MITRE ATT&CK cyber attack ontology. On their insecure coding and cyber attacker helpfulness tests, Llama 3 behaved in the same range as, or safer than, models of equivalent coding capability.
Child Safety
Child Safety risk assessments were conducted using a team of experts, to assess the model’s capability to produce outputs that could result in Child Safety risks and inform on any necessary and appropriate risk mitigations via fine-tuning. They leveraged those expert red teaming sessions to expand the coverage of their evaluation benchmarks through Llama 3 model development. For Llama 3, they conducted new in-depth sessions using objective-based methodologies to assess the model risks along multiple attack vectors. They also partnered with content specialists to perform red teaming exercises assessing potentially violating content while taking account of market-specific nuances or experiences.
Community
Generative AI safety requires expertise and tooling, and they believe in the strength of the open community to accelerate its progress. They are active members of open consortiums, including the AI Alliance, Partnership on AI, and MLCommons, actively contributing to safety standardization and transparency. Meta encourages the community to adopt taxonomies like the MLCommons Proof of Concept evaluation to facilitate collaboration and transparency on safety and content evaluations. Their Purple Llama tools are open-sourced for the community to use and widely distributed across ecosystem partners including cloud service providers. They encourage community contributions to their GitHub repository.
Finally, Meta put in place a set of resources including an output reporting mechanism and bug bounty program to continuously improve the Llama technology with the help of the community.
Ethical Considerations and Limitations
The core values of Llama 3 are openness, inclusivity, and helpfulness. It is meant to serve everyone, and to work for a wide range of use cases. It is thus designed to be accessible to people across many different backgrounds, experiences, and perspectives. Llama 3 addresses users and their needs as they are, without inserting unnecessary judgment or normativity, while reflecting the understanding that even content that may appear problematic in some cases can serve valuable purposes in others. It respects the dignity and autonomy of all users, especially in terms of the values of free thought and expression that power innovation and progress.
But Llama 3 is a new technology, and like any new technology, there are risks associated with its use. Testing conducted to date has been in English, and has not covered, nor could it cover, all scenarios. For these reasons, as with all LLMs, Llama 3’s potential outputs cannot be predicted in advance, and the model may in some instances produce inaccurate, biased, or other objectionable responses to user prompts. Therefore, before deploying any applications of Llama 3 models, developers should perform safety testing and tuning tailored to their specific applications of the model. As outlined in the Responsible Use Guide, Meta recommends incorporating Purple Llama solutions into your workflows, and specifically Llama Guard, which provides a base model to filter input and output prompts to layer system-level safety on top of model-level safety.