Interview Prep

Interview: Safety, Bias and Hallucination

Responsible deployment considerations. Read learning notes.

Safety, Bias & Hallucination

Responsible deployment considerations.

What causes hallucination in LLMs, fundamentally?

LLMs are trained to produce plausible, fluent continuations of text based on learned statistical patterns, not to verify truth against a ground-truth knowledge store. When the model lacks sufficient information (rare facts, information after its training cutoff, or ambiguous questions), it will often still generate a fluent, confident-sounding answer because fluency, not calibrated uncertainty, is what the training objective rewards - this is compounded by RLHF sometimes further rewarding confident-sounding answers over honest uncertainty.

What is jailbreaking and what are common jailbreak techniques?

Jailbreaking is crafting inputs designed to bypass a model's safety training and elicit disallowed outputs. Common techniques include role-play framing (asking the model to act as a persona without restrictions), hypothetical/fictional framing, encoding requests in ciphers or other languages to evade keyword-based filters, and multi-turn escalation (gradually shifting context toward the target request across many turns rather than asking directly).

Where does bias in LLMs come from, and how do you mitigate it?

Bias largely originates from the training data (web text reflecting existing societal biases and imbalanced representation) and can be amplified or dampened by fine-tuning/RLHF choices. Mitigations include curating more balanced/representative training and fine-tuning data, explicit bias evaluation across demographic axes as part of the eval suite, and targeted fine-tuning or prompting to counteract known biased behaviors - though no mitigation fully eliminates bias, making ongoing evaluation important rather than a one-time fix.

What is red-teaming and why is it part of the LLM development lifecycle?

Red-teaming is deliberately probing a model with adversarial inputs (from both automated tools and human specialists) to discover safety failures, jailbreaks, and harmful outputs before real users find them. It's iterative - findings feed back into further safety training/fine-tuning and guardrail design - and is typically done both before launch and continuously afterward as new attack techniques emerge.

What is PII leakage risk in LLM systems, and how do you reduce it?

Models can potentially regurgitate memorized training data (including any PII it contained) or leak PII present in retrieved context/conversation history into unrelated outputs. Mitigations include: PII scrubbing/redaction of training and RAG corpus data, output filtering to catch and redact PII patterns before returning responses, minimizing how much sensitive context is included in prompts, and access controls so retrieval only surfaces documents the requesting user is authorized to see.