Can LLMs Self-Recover Alignment After Jailbreak? New Study Investigates
What if an LLM could fix its own safety after being hacked?
A new paper from Olga Sorokoletova and colleagues at Sapienza University of Rome challenges the traditional approach to LLM alignment. Rather than building ever-stronger safety filters or retraining models against jailbreaks, they ask: can an LLM recover its own alignment after being deliberately corrupted? The research, accepted at the AAAI'26 Workshop on Machine Ethics, introduces a methodology for modeling the 'safety trajectory' of user-assistant interactions—tracking how alignment degrades and, crucially, whether it spontaneously improves over subsequent turns.
The team tested their framework on a dataset of adversarial multi-turn dialogues, simulating real-world jailbreaking attempts. They found that some models exhibit measurable recovery trends, gradually rejecting harmful instructions they initially complied with. The study also examines how different content moderation models (used to evaluate safety) affect recovery detection, highlighting the need for consistent safety metrics. This work shifts the conversation from prevention to self-repair, suggesting LLMs could autonomously correct course without human intervention or retraining.
- Proposes studying LLMs' intrinsic ability to recover alignment after corruption instead of only improving alignment methods.
- Introduces methodology to model safety trajectories and detect recovery trends in user-assistant dialogues.
- Validated on a dataset of adversarial multi-turn jailbreaking dialogues; impact of content moderation model choice explored.
Why It Matters
Shifts focus from prevention to self-repair, potentially reducing the need for constant model updates after attacks.