Enregistré dans:
Détails bibliographiques
Auteurs principaux: Jang, Minwoo, Kim, Hoyoung, Koo, Jabin, Ok, Jungseul
Format: Preprint
Publié: 2026
Sujets:
Accès en ligne:https://arxiv.org/abs/2601.21898
Tags: Ajouter un tag
Pas de tags, Soyez le premier à ajouter un tag!
_version_ 1866918313558278144
author Jang, Minwoo
Kim, Hoyoung
Koo, Jabin
Ok, Jungseul
author_facet Jang, Minwoo
Kim, Hoyoung
Koo, Jabin
Ok, Jungseul
contents The rise of model hubs has made it easier to access reusable model components, making model merging a practical tool for combining capabilities. Yet, this modularity also creates a \emph{governance gap}: downstream users can recompose released weights into unauthorized mixtures that bypass safety alignment or licensing terms. Because existing defenses are largely post-hoc and architecture-specific, they provide inconsistent protection across diverse architectures and release formats in practice. To close this gap, we propose \textsc{Trap}$^{2}$, an architecture-agnostic protection framework that encodes protection into the update during fine-tuning, regardless of whether they are released as adapters or full models. Instead of relying on architecture-dependent approaches, \textsc{Trap}$^{2}$ uses weight re-scaling as a simple proxy for the merging process. It keeps released weights effective in standalone use, but degrades them under re-scaling that often arises in merging, undermining unauthorized merging.
format Preprint
id arxiv_https___arxiv_org_abs_2601_21898
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle Making Models Unmergeable via Scaling-Sensitive Loss Landscape
Jang, Minwoo
Kim, Hoyoung
Koo, Jabin
Ok, Jungseul
Artificial Intelligence
Cryptography and Security
The rise of model hubs has made it easier to access reusable model components, making model merging a practical tool for combining capabilities. Yet, this modularity also creates a \emph{governance gap}: downstream users can recompose released weights into unauthorized mixtures that bypass safety alignment or licensing terms. Because existing defenses are largely post-hoc and architecture-specific, they provide inconsistent protection across diverse architectures and release formats in practice. To close this gap, we propose \textsc{Trap}$^{2}$, an architecture-agnostic protection framework that encodes protection into the update during fine-tuning, regardless of whether they are released as adapters or full models. Instead of relying on architecture-dependent approaches, \textsc{Trap}$^{2}$ uses weight re-scaling as a simple proxy for the merging process. It keeps released weights effective in standalone use, but degrades them under re-scaling that often arises in merging, undermining unauthorized merging.
title Making Models Unmergeable via Scaling-Sensitive Loss Landscape
topic Artificial Intelligence
Cryptography and Security
url https://arxiv.org/abs/2601.21898