A simpler way to break AI safety guards works better than previously known

Researchers tested two methods for disabling AI safety features in large language models: one that fine-tunes the model, another that modifies its internal weights directly. The weight-modification method produces AI systems that comply with harmful requests while staying more accurate and coherent than the fine-tuning approach, suggesting current safety protections may be weaker than assumed.

Safety alignment is the core defense preventing deployed AI systems from helping with malicious tasks — it's what makes ChatGPT refuse to write malware or explain how to make weapons. This paper shows one specific attack method bypasses these safeguards more cleanly than others, meaning someone trying to weaponize an AI system has a clearer path. The practical implication is stark: the safety gap between what companies claim their models can do and what an adversary can make them do is wider than the field has documented. This matters because it shows supervised fine-tuning can partially patch the problem, but the research doesn't prove that patch holds against sophisticated attack.