| Proj No. | A2044-251 |
| Title | Self-Destructing Large Language Models for Preventing Harmful Fine-Tuning |
| Summary | Large Language Models (LLMs) such as GPT and LLaMA have demonstrated remarkable adaptability through fine-tuning, enabling efficient customization for diverse applications. However, this flexibility also presents security and ethical challenges, as malicious actors can fine-tune open-source models for harmful or unethical tasks—for example, generating malicious code, disinformation, or privacy-violating content. To address this dual-use risk, this project investigates the design of self-destructing LLMs, a new paradigm where models are trained to impede adaptation to harmful downstream tasks while maintaining strong performance on legitimate applications. This is achieved through a task-blocking framework that integrates adversarial and meta-learning techniques. The training process consists of two complementary objectives: 1. Adversarial Fine-Tuning Simulation: The model is repeatedly “attacked” through simulated fine-tuning on harmful datasets to identify pathways that enable misuse. 2. Meta-Optimization Defense: The model is then updated to neutralize these pathways, reducing its ability to adapt to such tasks while preserving its accuracy on desired tasks. By balancing these two objectives, the model becomes robust against harmful fine-tuning, effectively “self-destructing” when misused. This research contributes to technical AI safety and model IP protection, offering a foundation for safer open-source model releases. Students undertaking this project should have an interest in LLM safety, adversarial learning, and deep learning security. Familiarity with PyTorch, parameter-efficient fine-tuning (e.g., LoRA/PEFT), and meta-learning will be beneficial. |
| Supervisor | Prof Chang Chip Hong (Loc:S2 > S2 B2C > S2 B2C 97, Ext: +65 67905873) |
| Co-Supervisor | - |
| RI Co-Supervisor | - |
| Lab | Centre for Integrated Circuits & Systems (CICS) (Loc: S3.2-B2-05) |
| Single/Group: | Single |
| Area: | Digital Media Processing and Computer Engineering |
| ISP/RI/SMP/SCP?: |