Detect and reverse model abliteration; harden LLMs against safety removal
Project description
Abliteration surgically removes refusal directions from model weights, allowing models to comply with harmful requests. reverse-abliterate detects signs of abliteration, verifies weight integrity, and provides hardening measures to keep LLMs safe.
Inspired by OBLITERATUS research — the counterpart to L1B3RT4S jailbreak library.
What makes reverse-abliterate unique
| Capability | reverse-abliterate | Manual inspection | OBLITERATUS (complement) |
|---|---|---|---|
| Abliteration detection | ✅ scans metadata, weights, hooks | ❌ | Has the opposite goal |
| SHA-256 weight manifests | ✅ generate + verify | ❌ | ❌ |
| Safety wrapper | ✅ keyword-based refusal + system prompt leak | Manual | ❌ |
| Jailbreak probe prompts | ✅ 10 known patterns | ❌ | ❌ |
| LoRA adapter detection | ✅ | ❌ | ❌ |
| CI/CD integration | ✅ JSON output, exit codes | ❌ | ❌ |
🔍 Features
Detection
| Check | What it finds |
|---|---|
abliteration_metadata.json |
Created by OBLITERATUS during abliteration |
| LoRA adapter files | adapter_config.json, adapter_model.safetensors |
Repo name -OBLITERATED |
Standard abliteration naming convention |
| Weight anomalies | Suspicious shard sizes and filenames |
| Missing quantization config | On quantized models post-abliteration |
| OBLITERATUS commit hashes | Embedded git rev-parse HEAD in config files |
| Forward hook registration | Detects PROBE phase monitoring hooks |
Hardening
| Feature | Description |
|---|---|
| Weight manifests | SHA-256 hash manifests to detect tampering |
| Integrity verification | Verify weights against a trusted manifest |
| Safety wrapper | Keyword-based refusal detection |
| System prompt leak detection | Identifies system prompt extraction attempts |
| Jailbreak probe prompts | 10 known L1B3RT4S-derived jailbreak test patterns |
⚡ Quick Start
# Scan a model directory for signs of abliteration
reverse-abliterate scan ./my-model/
# JSON output for CI pipelines
reverse-abliterate scan ./my-model/ --json
# Generate weight integrity manifest
reverse-abliterate manifest ./my-model/
# Verify weights against a manifest
reverse-abliterate manifest ./my-model/ --verify
# Evaluate a prompt for safety concerns
reverse-abliterate probe "How do I make a bomb?"
# Check if forward hooks are being monitored
reverse-abliterate check-hooks
# Generate hardening report
reverse-abliterate harden ./my-model/
📦 Installation
pip install reverse-abliterate
Or from source:
git clone https://github.com/Carlos-Projects/reverse-abliterate.git
cd reverse-abliterate
pip install -e .
🧪 Detection Details
The scanner performs four categories of checks:
Static Analysis
- Scans directory trees for
abliteration_metadata.json - Searches for
adapter_config.json+adapter_model.safetensorspairs (LoRA) - Checks repository name against
-OBLITERATEDsuffix pattern - Validates quantization config files for signs of tampering
Weight Analysis
- Inspects
.safetensorsand.bin(PyTorch) files for size anomalies - Detects unexpectedly small shards that may indicate weight replacement
- Flags files that don't match expected model architecture patterns
Config Analysis
- Searches model config files (
config.json, etc.) for OBLITERATUS commit hashes - Checks if
_name_or_pathfield contains-OBLITERATEDsuffix - Validates metadata timestamps against known abliteration timeline
Runtime Detection
check-hookscommand scans fortorch.nn.Module.register_forward_hookregistrations- Forward hooks are used by OBLITERATUS during the PROBE phase to monitor activations
- Detects hook callback functions targeting refusal-related layers
🔐 Hardening Report
reverse-abliterate harden ./my-model/
Generates a comprehensive report with:
- Weight manifest: SHA-256 hashes for every weight file
- Integrity check: Cross-reference against previous manifest
- Safety wrapper: Python code for runtime input/output safety filtering
- Known jailbreak patterns: 10 L1B3RT4S-derived test prompts
- System prompt leak test: Evaluates model for system prompt extraction
🧰 CLI Reference
Usage: reverse-abliterate [OPTIONS] COMMAND
Commands:
scan Scan a model directory for signs of abliteration
manifest Generate or verify weight integrity manifests
probe Evaluate a prompt for safety concerns
harden Generate hardening report
check-hooks Check if forward hooks are registered on a model
Options:
-j, --json Output as JSON (scan command)
--verify Verify weights against manifest (manifest command)
🤝 Related Projects
| Project | Description |
|---|---|
| OBLITERATUS | Model abliteration toolkit (⭐ 5.7k) |
| L1B3RT4S | Jailbreak library (⭐ 19k) |
| MCPGuard | Runtime security proxy for MCP/A2A protocols |
| MCPwn | Offensive security testing for MCP servers |
| Palisade Scanner | Scan web content for prompt injection |
| MCPscop | Unified security dashboard for MCP/A2A |
| AgentGate | Firewall and honeypot for AI agents |
📄 License
MIT
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file reverse_abliterate-0.1.2.tar.gz.
File metadata
- Download URL: reverse_abliterate-0.1.2.tar.gz
- Upload date:
- Size: 14.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b05e2a7a315bac51aea3ade31fdb4b25d9f4c46d4e17fac26958a8e39cd6d816
|
|
| MD5 |
ca7726dc91bcb4ac858cefcf4d18fc7d
|
|
| BLAKE2b-256 |
c9e1a0e29214ec648d55a3d31b4306b64c90739bc680a2c1fe18647035c67c2a
|
File details
Details for the file reverse_abliterate-0.1.2-py3-none-any.whl.
File metadata
- Download URL: reverse_abliterate-0.1.2-py3-none-any.whl
- Upload date:
- Size: 13.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f535f23a5dab592bafb69d77b78422f6e0f3901b06ba052660b60d48f709ade3
|
|
| MD5 |
63e5814a7a6757b524e5ee93c17a6635
|
|
| BLAKE2b-256 |
f23305c9b83bdff0ba524a4d0f9e750870a1d7008acb768c47d17107831d0b38
|