This work addresses the safety risks of inference-time interventions, which, despite their effectiveness in steering model behavior, exhibit significant vulnerabilities under distributional shifts. The study presents the first systematic definition and evaluation of intervention “specificity,” introducing a multidimensional framework encompassing generalizability, controllability, and robustness. Through comprehensive experiments on safety-critical tasks—such as mitigating excessive refusals and factual hallucinations—the authors demonstrate that while existing intervention methods preserve general capabilities and achieve desired effects under standard conditions, they substantially fail under distributional shifts like jailbreak attacks, revealing critical robustness deficiencies. The findings underscore that conventional metrics of effectiveness and specificity are insufficient for ensuring safety; robust specificity must be integrated as a core component of intervention evaluation.

Model steering, which involves intervening on hidden representations at inference time, has emerged as a lightweight alternative to finetuning for precisely controlling large language models. While steering efficacy has been widely studied, evaluations of whether interventions alter only the intended property remain limited, especially with respect to unintended changes in behaviors related to the target property. We call this notion specificity. We propose a framework that distinguishes three dimensions of specificity: general (preserving fluency and unrelated abilities), control (preserving related control properties), and robustness (preserving control properties under distribution shifts). We study two safety-critical use cases: steering models to reduce overrefusal and faithfulness hallucinations, and show that while steering achieves high efficacy and largely maintains general and control specificity, it consistently fails to preserve robustness specificity. In the case of overrefusal steering, for example, all steering methods reduce overrefusal without harming general abilities and refusal on harmful queries; however, they substantially increase vulnerability to jailbreaks. Our work provides the first systematic evaluation of specificity in model steering, showing that standard efficacy and specificity checks are insufficient, because without robustness evaluation, steering methods may appear reliable even when they compromise model safety.