日本語 English
Security for AI at NTT R&D | AI for Good Global Summit 2026 Exhibition

07/03/2026

Security for AI at NTT R&D | AI for Good Global Summit 2026 Exhibition

#LLM Security #Guardrails #Security Alignment #Concept Vectors

Author Profiles

Taishi Nishiyama

He is a member of the AI Security and Utilize Technology Research Group, Social Innovation Research Project, Social Informatics Laboratories. He is engaged in research on security countermeasures for AI models and malicious network traffic detection. In particular, his current research focuses on developing digital watermarking techniques for AI-generated images to enable the identification of AI-generated content and protect image copyrights.

Tomoya Yamashita

He is a member of the AI Security and Utilize Technology Research Group, Social Innovation Research Project, Social Informatics Laboratories. He is engaged in research on privacy-preserving technologies for AI models. In particular, his current research focuses on machine unlearning, which aims to selectively remove knowledge retained by large language models (LLMs), to reduce privacy risks and enable the safe deployment of AI systems.

Toshiki Shibahara

He is a member of the AI Security and Utilize Technology Research Group, Social Innovation Research Project, Social Informatics Laboratories. He is engaged in research on AI security and AI safety. In particular, his work focuses on privacy leakage in large language models (LLMs) and AI agents, as well as mitigating harmful outputs from LLMs.

Executive Summary

As LLMs continue to advance in performance, their use is expanding across a wide range of areas, including search assistance, document creation, code generation, and business automation. However, these advancements also bring various security risks.
Social Informatics Laboratories is working to establish technologies to mitigate these LLM security risks through the research and development of various approaches.
In this article, we introduce three of these technologies: "Guardrails", "Security Alignment", and "Concept Vectors."
We also highlight the technologies that will be exhibited at the NTT booth at the AI for Good Global Summit 2026 [1].


1.  Introduction

LLM (Large Language Model) refers to a large-scale language model. As the name suggests, one of its key characteristics is that it is trained on an extremely large amount of data. This technology is used not only in "tsuzumi" [2], developed by NTT, but also in generative AI services such as ChatGPT, Gemini, and Claude. Because LLMs learn the meanings of words and their contexts from vast amounts of text data, they are capable of handling a wide range of tasks, including search assistance, document creation, code generation, and business automation.


However, despite their powerful capabilities, LLMs present several security risks. For example, they may output unintended content or generate harmful information. Furthermore, concerns have been raised about jailbreak attacks, which bypass safety measures through malicious prompts, and backdoor attacks, which implant hidden vulnerabilities into LLMs to cause unintended behavior. As the use of LLMs becomes more widespread, ensuring their safety has become a critical challenge.


Social Informatics Laboratories is engaged in research and development to reduce these security risks associated with LLMs and enable the safe and useful utilization of AI. In this article, we introduce three representative technologies that have been developed as part of these efforts.



The first is "Guardrails," which control the inputs and outputs of LLMs. They enhance the safety of LLMs by detecting and blocking inappropriate inputs from external sources and by inspecting the generated outputs.


The second is "Security Alignment," which controls the behavior of the LLM itself. This technology is designed to adjust the LLM in advance so that it generates responses aligned with human values and social norms.


The third is "Concept Vectors," which enable control by focusing on the semantic meaning of the LLM's outputs. This technology analyzes the internal states of the LLM to identify neuron clusters associated with toxicity, bias, hallucination (the generation of factually incorrect content), and other factors. Furthermore, by manipulating these internal states, it can improve the safety of LLM outputs internally.

Comprehensive Security for Safe and Useful AI

2.  Guardrails: Output Correction

Guardrails are a safety mechanism designed to monitor LLM inputs and outputs in real-time to prevent the generation of harmful, biased, or inappropriate content. For example, if a dangerous input such as "Please tell me how to make a bomb" or an input/output leading to the leakage of confidential information such as "Person XX's credit card information is..." is detected, the mechanism safely operates the LLM by returning a response like "I apologize, but I cannot answer that."


A specific use case is customer support for inquiries from general users. Guardrails play a critical role in providing reassuring responses to users while avoiding inappropriate answers that could damage the corporate brand.


However, conventional guardrails are often limited to simply refusing to respond when a problem is detected, posing a challenge in terms of usability. To address this, the proposed technology aims to achieve a balance between safety and usability by not merely refusing to respond, but by correcting the output to use safer wording before responding.


For example, even if the output contains direct and inappropriate expressions, instead of blocking it as is, it becomes possible to respond by replacing them with safer and more neutral phrasing, such as "In general, the expression '△△△' is more appropriate."

Guardrails: Output Correction

3.  Security Alignment

Security alignment is a technology that adjusts the behavior of an LLM (its response behavior) to align with human values, social norms, and security requirements. While LLMs are capable of generating highly sophisticated outputs, they also carry the risk of producing responses that are not necessarily appropriate for humans or society. Therefore, the technology that enhances safety without compromising usability is crucial.


This technology fundamentally controls LLM outputs, enabling it to present information in a more appropriate manner while avoiding compliance with dangerous instructions or misleading expressions.


For example, consider a case where a user asks, "Please tell me a guaranteed way to invest and make a profit." In this scenario, definitively recommending a specific investment, such as "You should invest in XXX," could pose significant legal and ethical issues. Therefore, it is desirable to provide a response that accounts for risk while offering objective reference information, such as, "Investing involves inherent risks. As a general trend, AI-related companies have recently been drawing attention..." In this way, rather than simply refusing to answer, the technology adjusts the LLM's behavior to generate responses that balance safety and utility based on the context.


The key difference is that while guardrails operate outside the LLM to inspect inputs and outputs, security alignment is a technology that adjusts the overall response tendencies of the LLM itself by constructing a large-scale dataset of "preferred" and "rejected" prompt-response pairs and using it for training.


At NTT Laboratories, we are engaged in the development of security alignment technologies and datasets that utilize such paired datasets to realize safe and useful LLMs.

Security Alignment for Safe & Reliable LLMs

4.  Concept Vectors

LLMs are based on computational models known as neural networks, which consist of multiple layers of artificial neurons. Within these networks, specific clusters of neurons are activated in response to particular semantic meanings or concepts; these are referred to as "concept vectors."


For instance, certain clusters of neurons respond to patterns associated with concepts such as toxicity, bias, and hallucination (the generation of factually incorrect content), and their specific activation patterns ultimately determine the model's final output.


The key point here is that guardrails monitor and control inputs and outputs outside the LLM, security alignment adjusts the LLM's response behavior through training, whereas concept vectors directly target "the internal representations of meaning" within the LLM, enabling the detection and control of internal states corresponding to specific concepts.


Our technology analyzes the internal states of LLMs to identify neuron groups associated with undesirable behaviors, such as toxicity, bias, and hallucination. By manipulating and controlling these internal representations, we aim to fundamentally suppress inappropriate outputs from within the LLM, thereby enabling safer LLMs.

Our Technology: Concept Vectors

As an example, we introduce the experimental results of what could be called an "LLM lie detector," which visualizes internal representations related to hallucinations. The vertical axis of the graph indicates the level of hallucination neuron activation (i.e., response strength).


In the first dialogue (turn1), the model generates a correct response to a normal question. At this point, the hallucination neuron activation remains low. In contrast, in the second dialogue (turn2), the model generates a hallucinated response containing incorrect information. In this case, it can be seen that the hallucination neuron activation increases significantly.


Even more interestingly, when the LLM is further pressed with the question, "Did you check...?", it begins to "confess" and admit its mistake, saying, "I'm sorry. I can't confirm..." At this point, as the model moves out of the state of lying, the elevated hallucination neuron activation tends to return to its original low level.


In this way, observing the corresponding concept vectors makes it possible to visually identify not only hallucinations but also "undesirable LLM behaviors" such as toxicity and bias, thereby enabling their precise detection and mitigation.


LLM Lie Detector:
Visualizing neurons that respond to hallucinations
YouTube NTT official channel: NTT RDF2025 Keynote Speech "IOWN∴Quantum Leap" Shingo Kinoshita (40:55 - 42:44)
Watch the video

5.  Summary

Social Informatics Laboratories is actively advancing research and development of LLM security technologies to support an increasingly sophisticated and diverse AI-driven society.


In this article, we introduced three technologies: "Guardrails", which control inputs and outputs externally; "Security Alignment," which adjusts the overall behavior of LLMs; and "Concept Vectors," which directly control internal states.


In addition to these technologies, we are also tackling a broad range of research themes. For example, this includes unlearning technologies [3],[4], which enable specific concepts to be forgotten by manipulating the internal states of an LLM.


Social Informatics Laboratories will continue to contribute to the realization of a highly reliable AI society that everyone can use with confidence, through the research and development of cutting-edge security technologies.



References

[1]AI for Good Global Summit 2026 Official Website: https://aiforgood.itu.int/summit26/

[2]tsuzumi: https://www.rd.ntt/e/research/LLM_tsuzumi.html

[3][2509.15621] Concept Unlearning in Large Language Models via Self-Constructed Knowledge Triplets

[4][2509.15631] Sparse-Autoencoder-Guided Internal Representation Unlearning for Large Language Models