Robust Safety Monitoring of Language Models via Activation Watermarking

Computer Science > Cryptography and Security [Submitted on 24 Mar 2026] Robust Safety Monitoring of Language Models via Activation Watermarking Toluwani Aremu, Daniil Ognev, Samuele Poppi, Nils Lukas Large language models (LLMs) can be misused to reveal sensitive information, such as weapon-making instructions or writing malware. LLM providers rely on \emph{monitoring}$\emph{monitoring}$ to detect and flag unsafe behavior during inference. An open security challenge is \emph{adaptive}$\emph{adaptive}$ adversaries who craft attacks that simultaneously (i) evade detection while (ii) eliciting unsafe behavior. Adaptive attackers are a major concern as LLM providers cannot patch their security mechanisms, since they are unaware of how their models are being misused. We cast \emph{robust}$\emph{robust}$ LLM monitoring as a security game, where adversaries who know about the monitor try to extract sensitive information, while a provider must accurately detect these adversarial queries at low false positive rates. Our work (i) shows that existing LLM monitors are vulnerable to adaptive attackers and (ii) designs improved defenses through \emph{activation watermarking}$\emph{activation watermarking}$ by carefully introducing uncertainty for the attacker during inference. We find that \emph{activation watermarking}$\emph{activation watermarking}$ outperforms guard baselines by up to 52\% under adaptive attackers who know the monitoring algorithm but not the secret key. Comments: 20 pages, 17 figures Subjects: Cryptography and Security (cs.CR); Artificial Intelligence (cs.AI); Computers and Society (cs.CY); Machine Learning (cs.LG) Cite as: arXiv:2603.23171 [cs.CR]   (or arXiv:2603.23171v1 [cs.CR] for this version)   https://doi.org/10.48550/arXiv.2603.23171 Focus to learn more Submission history From: Toluwani Aremu [view email] [v1] Tue, 24 Mar 2026 13:13:23 UTC (1,316 KB) Access Paper: HTML (experimental) view license Current browse context: cs.CR < prev   |   next > new | recent | 2026-03 Change to browse by: cs cs.AI cs.CY cs.LG References & Citations NASA ADS Google Scholar Semantic Scholar Export BibTeX Citation Bookmark Bibliographic Tools Bibliographic and Citation Tools Bibliographic Explorer Toggle Bibliographic Explorer (What is the Explorer?) Connected Papers Toggle Connected Papers (What is Connected Papers?) Litmaps Toggle Litmaps (What is Litmaps?) scite.ai Toggle scite Smart Citations (What are Smart Citations?) Code, Data, Media Demos Related Papers About arXivLabs Which authors of this paper are endorsers? | Disable MathJax (What is MathJax?)