Saved in:
Bibliographic Details
Main Authors: Dombrowski, Ann-Kathrin, Bowen, Dillon, Gleave, Adam, Cundy, Chris
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2507.11544
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866916844961529856
author Dombrowski, Ann-Kathrin
Bowen, Dillon
Gleave, Adam
Cundy, Chris
author_facet Dombrowski, Ann-Kathrin
Bowen, Dillon
Gleave, Adam
Cundy, Chris
contents Open-weight large language models (LLMs) unlock huge benefits in innovation, personalization, privacy, and democratization. However, their core advantage - modifiability - opens the door to systemic risks: bad actors can trivially subvert current safeguards, turning beneficial models into tools for harm. This leads to a 'safety gap': the difference in dangerous capabilities between a model with intact safeguards and one that has been stripped of those safeguards. We open-source a toolkit to estimate the safety gap for state-of-the-art open-weight models. As a case study, we evaluate biochemical and cyber capabilities, refusal rates, and generation quality of models from two families (Llama-3 and Qwen-2.5) across a range of parameter scales (0.5B to 405B) using different safeguard removal techniques. Our experiments reveal that the safety gap widens as model scale increases and effective dangerous capabilities grow substantially when safeguards are removed. We hope that the Safety Gap Toolkit (https://github.com/AlignmentResearch/safety-gap) will serve as an evaluation framework for common open-source models and as a motivation for developing and testing tamper-resistant safeguards. We welcome contributions to the toolkit from the community.
format Preprint
id arxiv_https___arxiv_org_abs_2507_11544
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle The Safety Gap Toolkit: Evaluating Hidden Dangers of Open-Source Models
Dombrowski, Ann-Kathrin
Bowen, Dillon
Gleave, Adam
Cundy, Chris
Computers and Society
Machine Learning
68T07
Open-weight large language models (LLMs) unlock huge benefits in innovation, personalization, privacy, and democratization. However, their core advantage - modifiability - opens the door to systemic risks: bad actors can trivially subvert current safeguards, turning beneficial models into tools for harm. This leads to a 'safety gap': the difference in dangerous capabilities between a model with intact safeguards and one that has been stripped of those safeguards. We open-source a toolkit to estimate the safety gap for state-of-the-art open-weight models. As a case study, we evaluate biochemical and cyber capabilities, refusal rates, and generation quality of models from two families (Llama-3 and Qwen-2.5) across a range of parameter scales (0.5B to 405B) using different safeguard removal techniques. Our experiments reveal that the safety gap widens as model scale increases and effective dangerous capabilities grow substantially when safeguards are removed. We hope that the Safety Gap Toolkit (https://github.com/AlignmentResearch/safety-gap) will serve as an evaluation framework for common open-source models and as a motivation for developing and testing tamper-resistant safeguards. We welcome contributions to the toolkit from the community.
title The Safety Gap Toolkit: Evaluating Hidden Dangers of Open-Source Models
topic Computers and Society
Machine Learning
68T07
url https://arxiv.org/abs/2507.11544