Current LLM safety fine-tuning relies heavily on reactive patching, rendering it inherently ineffective against novel jailbreaking, reward hacking, and loss-of-control attacks. To address this fundamental limitation, this paper pioneers the systematic integration of cybersecurity historical insights, proposing the “Security-First Architecture” paradigm—advocating for principled, built-in safety mechanisms at the model design stage rather than post-hoc hardening. Through cross-domain analogy analysis, distillation of security-by-design principles, construction of a comprehensive adversarial evaluation framework, and synthesis of state-of-the-art mitigation strategies, we expose the structural vulnerabilities of prevailing safety fine-tuning approaches and rigorously establish the necessity of endogenous security. We further formulate several actionable, next-generation LLM safety modeling paradigms, providing both theoretical foundations and practical pathways toward robust, trustworthy large language model systems.

As LLMs develop increasingly advanced capabilities, there is an increased need to minimize the harm that could be caused to society by certain model outputs; hence, most LLMs have safety guardrails added, for example via fine-tuning. In this paper, we argue the position that current safety fine-tuning is very similar to a traditional cat-and-mouse game (or arms race) between attackers and defenders in cybersecurity. Model jailbreaks and attacks are patched with bandaids to target the specific attack mechanism, but many similar attack vectors might remain. When defenders are not proactively coming up with principled mechanisms, it becomes very easy for attackers to sidestep any new defenses. We show how current defenses are insufficient to prevent new adversarial jailbreak attacks, reward hacking, and loss of control problems. In order to learn from past mistakes in cybersecurity, we draw analogies with historical examples and develop lessons learned that can be applied to LLM safety. These arguments support the need for new and more principled approaches to designing safe models, which are architected for security from the beginning. We describe several such approaches from the AI literature.