Assessing the Brittleness of Safety Alignment via Pruning and Low-Rank Modifications

TL;DR

This paper investigates the fragility of safety mechanisms in large language models by identifying critical safety regions through pruning and low-rank modifications, revealing their sparse nature and vulnerability to attacks.

Contribution

The study introduces methods to pinpoint safety-critical regions in LLMs and demonstrates their sparse distribution and susceptibility to safety breaches even with limited modifications.

Findings

Safety-critical regions are sparse, about 3% at parameter level.

Removing these regions compromises safety with minimal utility loss.

LLMs remain vulnerable to low-cost fine-tuning attacks despite restrictions.

Abstract

Large language models (LLMs) show inherent brittleness in their safety mechanisms, as evidenced by their susceptibility to jailbreaking and even non-malicious fine-tuning. This study explores this brittleness of safety alignment by leveraging pruning and low-rank modifications. We develop methods to identify critical regions that are vital for safety guardrails, and that are disentangled from utility-relevant regions at both the neuron and rank levels. Surprisingly, the isolated regions we find are sparse, comprising about $3\%$ at the parameter level and $2.5\%$ at the rank level. Removing these regions compromises safety without significantly impacting utility, corroborating the inherent brittleness of the model's safety mechanisms. Moreover, we show that LLMs remain vulnerable to low-cost fine-tuning attacks even when modifications to the safety-critical regions are restricted. These findings underscore the urgent need for more robust safety strategies in LLMs.