Rendering Data Unlearnable by Exploiting LLM Alignment Mechanisms

Large language models (LLMs) are increasingly trained on massive, heterogeneous text corpora, raising serious concerns about the unauthorised use of proprietary or personal data during model training. In this work, we address the problem of data protection against unwanted model learning in a realistic black-box setting. We propose Disclaimer Injection, a novel data-level defence that renders text unlearnable to LLMs. Rather than relying on model-side controls or explicit data removal, our approach exploits the models' own alignment mechanisms: by injecting carefully designed alignment-triggering disclaimers to prevent effective learning. Through layer-wise analysis, we find that fine-tuning on such protected data induces persistent activation of alignment-related layers, causing alignment constraints to override task learning even on common inputs. Consequently, models trained on such data exhibit substantial and systematic performance degradation compared to standard fine-tuning. Our results identify alignment behaviour as a previously unexplored lever for data protection and, to our knowledge, present the first practical method for restricting data learnability at LLM scale without requiring access to or modification of the training pipeline.

Key Contributions

• Identifies LLM alignment behaviour as a novel lever for data protection, introducing alignment-triggered unlearnability as a new perspective
• Proposes Disclaimer Injection: a black-box, model-agnostic method that injects alignment-triggering text into training data to prevent effective model learning without degrading human readability
• Demonstrates via layer-wise causal analysis that training on protected data induces persistent activation of alignment-related layers, rerouting internal representations even for benign inputs

🛡️ Threat Analysis

Details

Similar Papers