ML Security PapersPruning Unsafe Tickets: A Resource-Efficient Framework for Safer and More Robust LLMs
Wai Man Si , Mingjie Li , Michael Backes , Yang Zhang
Published on arXiv
2604.15780
Prompt Injection
OWASP LLM Top 10 — LLM01
Key Finding
Reduces unsafe responses to 1% on Mistral-7B-Instruct-v0.2 and 2% on LLaVA-v1.6-Mistral-7B with minimal utility loss, completed in 455 seconds
Unsafe Ticket Pruning
Novel technique introduced
Machine learning models are increasingly deployed in real-world applications, but even aligned models such as Mistral and LLaVA still exhibit unsafe behaviors inherited from pre-training. Current alignment methods like SFT and RLHF primarily encourage models to generate preferred responses, but do not explicitly remove the unsafe subnetworks that trigger harmful outputs. In this work, we introduce a resource-efficient pruning framework that directly identifies and removes parameters associated with unsafe behaviors while preserving model utility. Our method employs a gradient-free attribution mechanism, requiring only modest GPU resources, and generalizes across architectures and quantized variants. Empirical evaluations on ML models show substantial reductions in unsafe generations and improved robustness against jailbreak attacks, with minimal utility loss. From the perspective of the Lottery Ticket Hypothesis, our results suggest that ML models contain "unsafe tickets" responsible for harmful behaviors, and pruning reveals "safety tickets" that maintain performance while aligning outputs. This provides a lightweight, post-hoc alignment strategy suitable for deployment in resource-constrained settings.
Key Contributions
- Gradient-free attribution mechanism to identify and prune parameters responsible for unsafe LLM behaviors
- Connects pruning-based safety alignment with Lottery Ticket Hypothesis via 'unsafe tickets' and 'safety tickets'
- Resource-efficient post-hoc alignment requiring only 455 seconds on modest GPU resources