Challenge: Existing methods to decouple safety enforcement from harmful feature acquisition rely on perturbation directions that conflict with harmful gradients . harmful fine-tuning attacks pose a significant challenge for service providers aiming to uphold rigorous safety standards.
Approach: They propose an orthogonal and ad hoc safety alignment strategy to decouple safety enforcement from harmful feature acquisition.
Outcome: Experiments on four large language models show that OASIS reduces the Harmful Score by 60% compared to baselines while maintaining stable task utility.

Similar Papers

SafeMERGE: Preserving Safety Alignment in Fine-Tuned Large Language Models via Selective Layer-Wise Model Merging (2026.findings-acl)

Copied to clipboard

Challenge: Recent studies show that fine-tuning can erode safety alignment, causing LLMs to respond to harmful or unethical prompts.
Approach: They propose a lightweight framework that restores safety while maintaining downstream performance.
Outcome: The proposed framework reduces harmful outputs compared to other defenses, with negligible impact on utility.
Separate the Wheat from the Chaff: A Post-Hoc Approach to Safety Re-Alignment for Fine-Tuned Language Models (2025.findings-acl)

Copied to clipboard

Challenge: Large language models achieve effective safety alignment at the time of release, but fine-tuning often compromises safety mechanisms.
Approach: They propose a method that performs safety realignment for large language models . they identify unsafe delta parameters from the fine-tuned models and recalibrate the retained parameters .
Outcome: The proposed method improves safety performance on safety benchmarks and jailbreak attacks while maintaining their performance on downstream tasks.
The Art of (Mis)alignment: How Fine-Tuning Methods Effectively Misalign and Realign LLMs in Post-Training (2026.findings-acl)

Copied to clipboard

Challenge: Misaligned large language models can magnify harm by exploiting them to undermine safety . et al., 2022b; Bai e.t., 2023): misalignment, realignment and model-specific resistance are important .
Approach: They evaluate four methods to identify a mechanism asymmetry between attack and defense . they find that ORPO is most effective for misalignment, but DPO excels in realignment .
Outcome: The proposed methods show a mechanism asymmetry between attack and defense . the proposed methods excel in realignment, but at the expense of model utility .
Safeguard Fine-Tuned LLMs Through Pre- and Post-Tuning Model Merging (2025.findings-emnlp)

Copied to clipboard

Challenge: Fine-tuning large language models for downstream tasks often leads to catastrophic forgetting, notably degrading the safety of original alignments.
Approach: They propose to merge the weights of pre- and post-fine-tuned models to improve safety while enhancing performance.
Outcome: Experiments across different downstream tasks and models validate the method’s practicality and effectiveness.
Safeguarding LLM Fine-tuning via Push-Pull Distributional Alignment (2026.acl-long)

Copied to clipboard

Challenge: Existing safety defenses for large language models fail to explicitly repel harmful patterns . Optimal transport (SOT) allows for safe fine-tuning without sacrificing safety .
Approach: They propose a framework that reframes safe fine-tuning from instance-level filtering challenge to distribution-level alignment task grounded in Optimal Transport.
Outcome: a new framework improves safety of large language models while maintaining competitive performance . the proposed framework reduces the risk of errors and improves model performance compared to baselines .
SDD: Self-Degraded Defense against Malicious Fine-tuning (2025.acl-long)

Copied to clipboard

Challenge: Open-source Large Language Models (LLMs) employ safety alignment methods to resist harmful instructions, but malicious fine-tuning can easily bypass these safeguards.
Approach: They propose a framework to prevent malicious fine-tuning of large language models on harmful data by using alignment methods that encourage them to produce irrelevant responses to harmful prompts.
Outcome: The proposed framework reduces the general capability of the LLM when malicious fine-tuning fails, rendering it incapable of following harmful instructions.
Multitask-Bench: Unveiling and Mitigating Safety Gaps in LLMs Fine-tuning (2025.coling-main)

Copied to clipboard

Challenge: Recent advances in Large Language Models (LLMs) have led to their adoption across a wide range of tasks, ranging from code generation to machine translation and sentiment analysis.
Approach: They propose to fine-tune LLMs on benign (non-harmful) data to ensure safe outputs.
Outcome: The proposed model reduces attack success rates across a range of tasks without compromising its usefulness.
Safety is Not Only About Refusal: Reasoning-Enhanced Fine-tuning for Interpretable LLM Safety (2025.findings-acl)

Copied to clipboard

Challenge: Large Language Models (LLMs) are vulnerable to jailbreak attacks that exploit weaknesses in traditional safety alignment.
Approach: They propose a framework that trains models to engage in explicit safe reasoning before response . they propose RATIONAL, which allows models to reject harmful prompts while providing meaningful and context-aware responses.
Outcome: The proposed framework fine-tunes models to reason about query intent, ethics, and potential harm.
Towards Understanding the Fragility of Multilingual LLMs against Fine-Tuning Attacks (2025.findings-naacl)

Copied to clipboard

Challenge: Recent advances in Large Language Models have sparked concerns about their safety.
Approach: They propose a method to identify safety-related information in the model parameter space . they propose to use a few adversarially chosen examples to fine-tune LLMs .
Outcome: The proposed method can break safety alignment in multilingual LLMs using a few examples . it also shows that the proposed method jailbreaks LLM models adapted to new languages .
Pruning Unsafe Tickets: A Resource-Efficient Framework for Safer and More Robust LLMs (2026.acl-long)

Copied to clipboard

Challenge: Empirical evaluations on ML models show substantial reductions in unsafe generations and improved robustness against jailbreak attacks.
Approach: They propose a resource-efficient pruning framework that directly identifies unsafe behaviors while preserving model utility.
Outcome: The proposed framework reduces unsafe generations and improves robustness against jailbreak attacks with minimal utility loss.

What is GenGO?

GenGO is an NLP powered publication search system. It currenctly indexes 30k+ papers from ACL Anthology, and implements multi-aspect summarization, semantic search, and more!

Information

About
Limitations