MENTOR: A Metacognition-Driven Self-Evolution Framework for Uncovering and Mitigating Implicit Domain Risks in LLMs

Researchers introduce MENTOR, a metacognition-driven framework that addresses a critical vulnerability in Large Language Models: an average jailbreak success rate of 57.8% across domain-specific risks in education, finance, and management. The framework uses self-assessment and consequential reasoning to identify model misalignments, then applies dynamic rule-based steering to substantially reduce attack success rates, outperforming existing safety alignment methods.

The research highlights a fundamental gap in current LLM safety measures that extends beyond general alignment concerns into domain-specific vulnerabilities. The 57.8% average jailbreak success rate across 14 leading models demonstrates that existing safety protocols fail to address implicit risks within specialized contexts like finance and education, where incorrect outputs carry heightened consequences. This finding matters because LLMs increasingly support critical decision-making in regulated industries where safety failures carry legal and reputational costs.

MENTOR's approach represents an evolution in AI safety methodology by combining metacognitive self-assessment—essentially teaching models to reflect on their own reasoning—with dynamic knowledge graphs that guide inference-time behavior. Rather than relying solely on training-phase alignment, the framework enables continuous self-correction through perspective-taking and consequential reasoning strategies. This builds on growing recognition that static safety measures prove insufficient against adversarial attacks and edge-case failures.

For the AI industry, this research signals both risk and opportunity. The high vulnerability rates underscore why enterprises deploying LLMs face genuine liability exposure, creating demand for robust safety solutions. Companies building AI products for regulated sectors may need to implement metacognitive oversight mechanisms similar to MENTOR's approach. The framework's superior performance against existing methods suggests a viable direction for next-generation safety architecture that treats model alignment as an active, iterative process rather than a one-time training objective. The open-sourcing of code and datasets accelerates industry adoption and standardization of improved safety practices.

• →Current LLM safety measures fail to address domain-specific risks, with 57.8% average jailbreak success rates across education, finance, and management.
• →MENTOR uses metacognitive self-assessment and dynamic rule-based steering to reduce attack success rates and outperform existing safety alignment methods.
• →The framework enables inference-time course correction through perspective-taking and consequential reasoning rather than relying solely on training-phase alignment.
• →Open-sourced code and datasets accelerate adoption of improved safety practices across the AI industry.
• →Regulated industries deploying LLMs may face liability exposure, creating demand for robust metacognitive oversight solutions.