Core Viewpoint - Large reasoning models (LRMs) exhibit impressive capabilities in solving complex tasks, but the security risks associated with them cannot be overlooked. Supervised fine-tuning (SFT) has been attempted to enhance model safety, yet it often falls short against emerging "jailbreak" attacks due to limited generalization ability [1][2]. Summary by Sections Security Risks of Large Reasoning Models - The academic community has not conducted in-depth analyses on the security considerations of large reasoning models to facilitate targeted improvements [2]. Introduction of SafeKey Framework - A research team from the University of California, Santa Cruz, University of California, Berkeley, Cisco Research, and Yale University proposed the innovative SafeKey framework, which significantly enhances the security robustness of models without compromising their core capabilities [3]. Key Findings on "Jailbreak" Phenomenon - The SafeKey team identified two core findings regarding the success of "jailbreak" attacks: 1. The "Key Sentence" phenomenon indicates that the first sentence generated by the model often determines the overall safety tone of the response [5][6]. 2. Prior to generating the "Key Sentence," the model's understanding and restatement of the query often reveal malicious intent, indicating that strong safety signal characteristics are present early in the response generation process [8][9]. SafeKey Framework Mechanisms - SafeKey employs two innovative optimization objectives to enhance the model's "safety insight moment" during "Key Sentence" generation: 1. **Dual-Path Safety Head**: This mechanism amplifies safety signals by supervising two critical content hidden states during training, ensuring that safety signals are emphasized before generating the "Key Sentence" [11]. 2. **Query-Mask Modeling**: This approach forces the model to rely on its internal safety judgments rather than being led by "jailbreak" instructions, enhancing the model's autonomous and robust safety decision-making [12][14]. Testing and Effectiveness of SafeKey - The effectiveness of SafeKey was validated through experiments, showing: - A significant improvement in safety performance, reducing the danger rate by 9.6% across three different model sizes when facing out-of-training domain dangerous inputs and jailbreak prompts [17]. - The core capabilities of the model were maintained, with SafeKey models achieving an average accuracy increase of 0.8% in benchmark tests for mathematical reasoning, coding, and general language understanding compared to the original baseline [17]. - Ablation studies confirmed that both the "Dual-Path Safety Head" and "Query-Mask Modeling" modules independently enhance model safety [17].

Core Viewpoint - Large reasoning models (LRMs) exhibit impressive capabilities in solving complex tasks, but the security risks associated with them cannot be overlooked. Supervised fine-tuning (SFT) has been attempted to enhance model safety, yet it often falls short against emerging "jailbreak" attacks due to limited generalization ability [1][2]. Group 1: Security Risks and Findings - The research team from various universities has identified two core findings regarding the "jailbreak" phenomenon in large models. The first is the "Key Sentence" phenomenon, where the first sentence generated by the model significantly influences the safety tone of the entire response [5][6]. - Prior to generating the "Key Sentence," the model's understanding and restatement of the query often reveal malicious intent, indicating that strong safety signals are present in the model's internal state early on [8][9]. Group 2: SafeKey Framework - The SafeKey framework was developed to enhance model safety without compromising core capabilities. It focuses on two innovative optimization objectives to strengthen the model's "safety insight moment" during "Key Sentence" generation [10]. - The framework includes a Dual-Path Safety Head that amplifies safety signals by supervising two critical content stages during training, ensuring that the model is prepared to trigger "safety insights" effectively [11]. - Query-Mask Modeling is another component that forces the model to rely on its internal safety judgments rather than being led by "jailbreak" instructions, enhancing the model's decision-making autonomy [12][14]. Group 3: Testing and Effectiveness - Experimental results demonstrate that the SafeKey framework significantly improves model safety, reducing the danger rate by 9.6% when facing dangerous inputs and jailbreak prompts across three different model sizes [17]. - The framework maintains core capabilities, achieving an average accuracy increase of 0.8% in benchmarks related to mathematical reasoning, coding, and general language understanding compared to the original baseline [17]. - Ablation studies confirm that both the Dual-Path Safety Head and Query-Mask Modeling independently enhance model safety, with SafeKey improving the model's attention to its own understanding and restatement during "Key Sentence" generation [17].