This study investigates how activation steering—a technique for enhancing the controllability of large language models—may inadvertently exacerbate vulnerabilities to jailbreak attacks. By establishing a unified safety evaluation protocol that integrates Contrastive Activation Addition (CAA), the JailbreakBench benchmark, and latent-space directional analysis, the work reveals, for the first time, a significant overlap between steering vectors and the latent directions associated with model refusal behaviors. This finding elucidates an inherent trade-off between controllability and safety. Empirical results across multiple mainstream large language models demonstrate that specific steering interventions can increase jailbreak success rates by up to 57% or reduce them by as much as 50%, confirming that activation steering exerts a substantial and bidirectional influence on model security.

Activation steering has emerged as a powerful tool to shape LLM behavior without the need for weight updates. While its inherent brittleness and unreliability are well-documented, its safety implications remain underexplored. In this work, we present a systematic safety audit of steering vectors obtained with Contrastive Activation Addition (CAA), a widely used steering approach, under a unified evaluation protocol. Using JailbreakBench as benchmark, we show that steering vectors consistently influence the success rate of jailbreak attacks, with stronger amplification under simple template-based attacks. Across LLM families and sizes, steering the model in specific directions can drastically increase (up to 57%) or decrease (up to 50%) its attack success rate (ASR), depending on the targeted behavior. We attribute this phenomenon to the overlap between the steering vectors and the latent directions of refusal behavior. Thus, we offer a traceable explanation for this discovery. Together, our findings reveal the previously unobserved origin of this safety gap in LLMs, highlighting a trade-off between controllability and safety.