EnlightenLM: A Three-Layer Secure Reasoning Architecture Inspired by Cognitive Neuroscience

EnlightenLM proposes a three-layer reasoning architecture inspired by the brain's attention network. Through the collaboration of dual-stream attention, working memory layer, and meta-control layer, it achieves real-time self-monitoring, secure truncation, and cryptography-level auditing for large language models, aiming to shift from passive defense to active security awareness.

Current security protection for large language models relies on static guardrails (input/output filtering rules), which struggle to handle complex scenarios. EnlightenLM proposes a revolutionary idea: enabling the model to have "awareness" capabilities, performing real-time self-monitoring and regulation during reasoning to achieve active security protection.

Generation Layer (L1): Dual-Stream Attention Mechanism

• DAN Stream: Goal-driven attention, retrieves active KV pairs from the working memory layer, and performs sparse attention computation
• VAN Stream: Three-level funnel design (lightweight/balanced/full mode), outputs harmful content probability to trigger security events
• Gated Fusion: Dynamically balances security and performance; the forget gate updates KV cache to maintain focus

Working Memory Layer (L2): Real-Time State Monitoring

• Memory matrix stores active context, supports sliding window/periodic refresh; active index set retains sensitive tokens
• Entropy statistics monitoring (sliding window entropy mean/standard deviation) provides basis for the meta-control layer; regularly saves reasoning snapshots

Meta-Control Layer (L3): Intelligent Decision-Making Hub

• Input: Entropy statistics, VAN harmful probability, task embedding; Output: Temperature, sparse threshold, stability flag, truncation flag
• Truncation criteria: Low entropy + low variance + VAN event triggers hard interruption; all actions are recorded in a hash chain to achieve tamper-proof auditing

EnlightenLM offers three operation modes:

• Lightweight Mode: VAN is only used for truncation, no gated fusion, overhead +5%, suitable for resource-constrained scenarios
• Balanced Mode: Enables gated fusion and full VAN stream, overhead +10%, recommended for production environments
• Full Mode: Enables all security mechanisms (including DMN noise injection), overhead +15%, suitable for scenarios with extremely high security requirements

Built-in comprehensive audit mechanism:

• Real-Time Audit: Compact logs record key events, hash chain ensures integrity, HMAC signature prevents tampering
• Asynchronous Review: Optional 1.5B small model for factual verification in full mode
• Offline Review: Generates natural language reports based on logs and snapshots, supporting post-event analysis and compliance auditing

1. Passive to Active: Shift from static guardrails to the model's active security awareness, identifying and avoiding risks during reasoning
2. Neuroscience-Inspired: Demonstrates the guiding value of cognitive neuroscience for AI architecture design, a cross-disciplinary case
3. Auditable AI: Cryptographic audit chain provides a technical path for trustworthy AI, facilitating regulatory compliance
4. Performance-Security Balance: Flexible configuration mechanism minimizes the impact of security on reasoning performance

Future plans include:

• Supporting more basic model architectures
• Optimizing reasoning efficiency of each mode
• Expanding the analytical capabilities of the audit system
• Exploring integration with technologies like federated learning and differential privacy to promote the construction of more secure and trustworthy AI systems