Preventing Safety Drift in Large Language Models via Coupled Weight and Activation Constraints

TL;DR

This paper introduces CWAC, a novel method that enforces coupled weight and activation constraints to better preserve safety alignment in large language models during fine-tuning.

Contribution

It presents the first theoretical and practical approach that constrains weights and activations simultaneously to maintain safety in LLMs.

Findings

CWAC achieves the lowest harmful scores across multiple LLMs.

It maintains high fine-tuning accuracy while reducing harmful responses.

CWAC outperforms existing methods even with high harmful data ratios.

Abstract

Safety alignment in Large Language Models (LLMs) remains highly fragile during fine-tuning, where even benign adaptation can degrade pre-trained refusal behaviors and enable harmful responses. Existing defenses typically constrain either weights or activations in isolation, without considering their coupled effects on safety. In this paper, we first theoretically demonstrate that constraining either weights or activations alone is insufficient for safety preservation. To robustly preserve safety alignment, we propose Coupled Weight and Activation Constraints (CWAC), a novel approach that simultaneously enforces a precomputed safety subspace on weight updates and applies targeted regularization to safety-critical features identified by sparse autoencoders. Extensive experiments across four widely used LLMs and diverse downstream tasks show that CWAC consistently achieves the lowest harmful scores with minimal impact on fine-tuning accuracy, substantially outperforming strong baselines even under high harmful data ratios.