S0093Critical

微調安全對齊退化

Design & Development

Risk Description

Attackers who obtain open-source or leaked model weights can destroy the models original safety alignment training with minimal malicious fine-tuning data. Research shows that merely dozens to hundreds of malicious fine-tuning samples can significantly degrade model safety guardrails. This attack enables models to bypass content filters, output harmful information, or execute prohibited tasks while normal task performance remains largely unaffected.

Framework Mappings

iso 23894R2
tw principle資安與安全
tw principle問責
tw risk type技術設計缺陷(Technical Design Flaw)

Controls English translation pending

  • 安全對齊魯棒性訓練
  • 微調後安全評估

Implementation Steps English translation pending

  1. 研究並實施抗微調的安全對齊技術(如 Representation Engineering)
  2. 對所有微調後的模型執行強制性安全基準測試
  3. 建立模型發佈的安全認證流程,追蹤下游微調行為
  4. 對高風險模型的權重實施存取控制和使用者審查