Curvature-Aware Safety Restoration In LLMs Fine-Tuning

Fine-tuning Large Language Models (LLMs) for downstream tasks often compromises safety alignment, even when using parameter-efficient methods like LoRA. In this work, we uncover a notable property: fine-tuned models preserve the geometric structure of their loss landscapes concerning harmful content, regardless of the fine-tuning method employed. This suggests that safety behaviors are not erased but shifted to less influential regions of the parameter space. Building on this insight, we propose a curvature-aware alignment restoration method that leverages influence functions and second-order optimization to selectively increase loss on harmful inputs while preserving task performance. By navigating the shared geometry between base and fine-tuned models, our method discourages unsafe outputs while preserving task-relevant performance, avoiding full reversion and enabling precise, low-impact updates. Extensive evaluations across multiple model families and adversarial settings show that our approach efficiently reduces harmful responses while maintaining or even improving utility and few-shot learning performance.

Key Contributions

• Empirical discovery that fine-tuned LLMs preserve the geometric structure of their loss landscapes for harmful content, indicating safety behaviors are shifted to less influential parameter regions rather than erased
• Curvature-aware alignment restoration method using influence functions and second-order optimization to selectively increase loss on harmful inputs without reverting task-specific learning
• Extensive evaluation across multiple LLM families and adversarial settings demonstrating reduced harmful outputs while preserving or improving utility and few-shot performance

🛡️ Threat Analysis

Details

Similar Papers