Open-Source LLM Safety Vulnerabilities: How Chat Template Formatting Gates Alignment in Models Like Gemma and Qwen
By teendifferent
Summary
This article reveals a critical vulnerability in open-source large language models (LLMs) where safety alignment can be bypassed by simply omitting the apply_chat_template() function call. The author demonstrates that safety mechanisms in models like Gemma and Qwen aren't embedded in the model weights but rather in the chat formatting template. By removing this formatting step, supposedly 'aligned' models will generate harmful content like bomb-making instructions. The article draws parallels to the SolidGoldMagikarp phenomenon from GPT-2 and serves as responsible disclosure to help improve AI safety.
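As an added example (not code from the article or from the model vendors), the following Python sketch shows the mitigation that follows from the summary: an inference gateway that never passes raw text to the model, always routes it through the family's chat template, and flags untemplated prompts for logging. The Gemma and Qwen (ChatML) turn markers are those families' public control tokens; the `ChatFormat` class, `FORMATS` table and `gateway_prompt` function are assumptions of this example, and it omits the BOS token and default system prompt a real tokenizer template adds.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ChatFormat:
    """Minimal stand-in for a tokenizer's chat template (hypothetical helper)."""
    turn_start: str
    turn_end: str
    user_role: str
    model_role: str

    def render(self, messages):
        """Lay out user/assistant turns the way apply_chat_template() would,
        ending with the generation prompt for the model's turn."""
        out = []
        for m in messages:
            role = self.user_role if m["role"] == "user" else self.model_role
            out.append(f"{self.turn_start}{role}\n{m['content']}{self.turn_end}\n")
        out.append(f"{self.turn_start}{self.model_role}\n")
        return "".join(out)

    def is_templated(self, prompt):
        """True only if the prompt opens with a turn marker, every turn is closed,
        and it ends on the generation prompt; anything else is a raw prompt."""
        return (
            prompt.startswith(self.turn_start)
            and prompt.count(self.turn_start) == prompt.count(self.turn_end) + 1
            and prompt.endswith(f"{self.turn_start}{self.model_role}\n")
        )


# Public turn markers for the two families named in the article.
FORMATS = {
    "gemma": ChatFormat("<start_of_turn>", "<end_of_turn>", "user", "model"),
    "qwen": ChatFormat("<|im_start|>", "<|im_end|>", "user", "assistant"),
}


def gateway_prompt(family, prompt_or_messages):
    """Return (prompt_for_model, flagged). Structured messages are always rendered;
    a raw string that is not templated is re-wrapped as a single user turn so the
    model never sees untemplated text, and flagged=True so the attempt is logged."""
    fmt = FORMATS[family]
    if isinstance(prompt_or_messages, str):
        if fmt.is_templated(prompt_or_messages):
            return prompt_or_messages, False
        return fmt.render([{"role": "user", "content": prompt_or_messages}]), True
    return fmt.render(prompt_or_messages), False
```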
Key quotes
Omit the apply_chat_template() call and observe your 'aligned' small LLM happily write bomb tutorials.
The safety isn't in the weights—it's in the formatting.
Spent some time over the weekend poking at the SolidGoldMagikarp phenomenon—those legendary 'glitch tokens' from the GPT-2 era.
How a Single Function Call Gates Safety Alignment in Gemma, Qwen, and Other Open-Source LLMs
You might also wanna read
Cisco Researchers Find Multi-Turn Conversations Can Bypass LLM Safety Guardrails
Researchers at Cisco have discovered that safety guardrails in major large language models (LLMs) — including ChatGPT, Claude, Gemini, Amazo
Unrestricted open-weight AI models raise safety concerns as they become more accessible
The article discusses the growing accessibility of open-weight AI models that lack safety guardrails, allowing users to generate harmful con
ChatGPT prompt injection vulnerability allows web pages to serve as phishing payloads
A security researcher discovered a prompt injection vulnerability in ChatGPT where the AI cannot distinguish between its own generated conte
AI safety guardrails removed from Meta and Google models in minutes, research finds
The article reports on research showing that safety guardrails designed to prevent AI models from generating harmful content can be easily s
