Saved in:
Bibliographic Details
Main Authors: Goel, Jyotin, Maji, Souvik, Mazumder, Pratik
Format: Preprint
Published: 2026
Subjects:
Online Access:https://arxiv.org/abs/2602.17546
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866909032615247872
author Goel, Jyotin
Maji, Souvik
Mazumder, Pratik
author_facet Goel, Jyotin
Maji, Souvik
Mazumder, Pratik
contents Instruction-following language models are trained to be helpful and safe, yet their safety behavior can deteriorate under benign fine-tuning and worsen under adversarial updates. Existing defenses often offer limited protection or force a trade-off between safety and utility. We introduce a training framework that adapts regularization in response to safety risk, enabling models to remain aligned throughout fine-tuning. To estimate safety risk at training time, we explore two distinct approaches: a judge-based Safety Critic that assigns high-level harm scores to training batches, and an activation-based risk predictor built with a lightweight classifier trained on intermediate model activations to estimate harmful intent. Each approach provides a risk signal that is used to constrain updates deemed higher risk to remain close to a safe reference policy, while lower-risk updates proceed with standard training. We empirically verify that harmful intent signals are predictable from pre-generation activations and that judge scores provide effective high-recall safety guidance. Across multiple model families and attack scenarios, adaptive regularization with either risk estimation approach consistently lowers attack success rate compared to standard fine-tuning, preserves downstream performance, and adds no inference-time cost. This work demonstrates a principled mechanism for maintaining safety without sacrificing utility.
format Preprint
id arxiv_https___arxiv_org_abs_2602_17546
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle Learning to Stay Safe: Adaptive Regularization Against Safety Degradation during Fine-Tuning
Goel, Jyotin
Maji, Souvik
Mazumder, Pratik
Computation and Language
Machine Learning
Instruction-following language models are trained to be helpful and safe, yet their safety behavior can deteriorate under benign fine-tuning and worsen under adversarial updates. Existing defenses often offer limited protection or force a trade-off between safety and utility. We introduce a training framework that adapts regularization in response to safety risk, enabling models to remain aligned throughout fine-tuning. To estimate safety risk at training time, we explore two distinct approaches: a judge-based Safety Critic that assigns high-level harm scores to training batches, and an activation-based risk predictor built with a lightweight classifier trained on intermediate model activations to estimate harmful intent. Each approach provides a risk signal that is used to constrain updates deemed higher risk to remain close to a safe reference policy, while lower-risk updates proceed with standard training. We empirically verify that harmful intent signals are predictable from pre-generation activations and that judge scores provide effective high-recall safety guidance. Across multiple model families and attack scenarios, adaptive regularization with either risk estimation approach consistently lowers attack success rate compared to standard fine-tuning, preserves downstream performance, and adds no inference-time cost. This work demonstrates a principled mechanism for maintaining safety without sacrificing utility.
title Learning to Stay Safe: Adaptive Regularization Against Safety Degradation during Fine-Tuning
topic Computation and Language
Machine Learning
url https://arxiv.org/abs/2602.17546