Making Models Unmergeable via Scaling-Sensitive Loss Landscape

TL;DR

This paper introduces extsc{Trap}$^{2}$, a novel, architecture-agnostic method that encodes protection into model updates to prevent unauthorized merging by exploiting scaling-sensitive loss landscape properties.

Contribution

It proposes a new protection framework that is architecture-agnostic and effective against merging, addressing limitations of existing post-hoc defenses.

Findings

extsc{Trap}$^{2}$ effectively prevents unauthorized model merging.

The method maintains standalone model performance.

It is compatible across diverse architectures and release formats.

Abstract

The rise of model hubs has made it easier to access reusable model components, making model merging a practical tool for combining capabilities. Yet, this modularity also creates a \emph{governance gap}: downstream users can recompose released weights into unauthorized mixtures that bypass safety alignment or licensing terms. Because existing defenses are largely post-hoc and architecture-specific, they provide inconsistent protection across diverse architectures and release formats in practice. To close this gap, we propose \textsc{Trap}$^{2}$, an architecture-agnostic protection framework that encodes protection into the update during fine-tuning, regardless of whether they are released as adapters or full models. Instead of relying on architecture-dependent approaches, \textsc{Trap}$^{2}$ uses weight re-scaling as a simple proxy for the merging process. It keeps released weights effective in standalone use, but degrades them under re-scaling that often arises in merging, undermining unauthorized merging.