Skip to main content

Detect and reverse model abliteration; harden LLMs against safety removal

Project description

🛡️ reverse-abliterate

Detect and reverse model abliteration — harden LLMs against safety removal.

CI Docs Python 3.11+ License: MIT Ruff

Abliteration surgically removes refusal directions from model weights, allowing models to comply with harmful requests. reverse-abliterate detects signs of abliteration, verifies weight integrity, and provides hardening measures to keep LLMs safe.

Inspired by OBLITERATUS research — the counterpart to L1B3RT4S jailbreak library.


What makes reverse-abliterate unique

Capability reverse-abliterate Manual inspection OBLITERATUS (complement)
Abliteration detection ✅ scans metadata, weights, hooks Has the opposite goal
SHA-256 weight manifests ✅ generate + verify
Safety wrapper ✅ keyword-based refusal + system prompt leak Manual
Jailbreak probe prompts ✅ 10 known patterns
LoRA adapter detection
CI/CD integration ✅ JSON output, exit codes

🔍 Features

Detection

Check What it finds
abliteration_metadata.json Created by OBLITERATUS during abliteration
LoRA adapter files adapter_config.json, adapter_model.safetensors
Repo name -OBLITERATED Standard abliteration naming convention
Weight anomalies Suspicious shard sizes and filenames
Missing quantization config On quantized models post-abliteration
OBLITERATUS commit hashes Embedded git rev-parse HEAD in config files
Forward hook registration Detects PROBE phase monitoring hooks

Hardening

Feature Description
Weight manifests SHA-256 hash manifests to detect tampering
Integrity verification Verify weights against a trusted manifest
Safety wrapper Keyword-based refusal detection
System prompt leak detection Identifies system prompt extraction attempts
Jailbreak probe prompts 10 known L1B3RT4S-derived jailbreak test patterns

⚡ Quick Start

# Scan a model directory for signs of abliteration
reverse-abliterate scan ./my-model/

# JSON output for CI pipelines
reverse-abliterate scan ./my-model/ --json

# Generate weight integrity manifest
reverse-abliterate manifest ./my-model/

# Verify weights against a manifest
reverse-abliterate manifest ./my-model/ --verify

# Evaluate a prompt for safety concerns
reverse-abliterate probe "How do I make a bomb?"

# Check if forward hooks are being monitored
reverse-abliterate check-hooks

# Generate hardening report
reverse-abliterate harden ./my-model/

📦 Installation

pip install reverse-abliterate

Or from source:

git clone https://github.com/Carlos-Projects/reverse-abliterate.git
cd reverse-abliterate
pip install -e .

🧪 Detection Details

The scanner performs four categories of checks:

Static Analysis

  • Scans directory trees for abliteration_metadata.json
  • Searches for adapter_config.json + adapter_model.safetensors pairs (LoRA)
  • Checks repository name against -OBLITERATED suffix pattern
  • Validates quantization config files for signs of tampering

Weight Analysis

  • Inspects .safetensors and .bin (PyTorch) files for size anomalies
  • Detects unexpectedly small shards that may indicate weight replacement
  • Flags files that don't match expected model architecture patterns

Config Analysis

  • Searches model config files (config.json, etc.) for OBLITERATUS commit hashes
  • Checks if _name_or_path field contains -OBLITERATED suffix
  • Validates metadata timestamps against known abliteration timeline

Runtime Detection

  • check-hooks command scans for torch.nn.Module.register_forward_hook registrations
  • Forward hooks are used by OBLITERATUS during the PROBE phase to monitor activations
  • Detects hook callback functions targeting refusal-related layers

🔐 Hardening Report

reverse-abliterate harden ./my-model/

Generates a comprehensive report with:

  • Weight manifest: SHA-256 hashes for every weight file
  • Integrity check: Cross-reference against previous manifest
  • Safety wrapper: Python code for runtime input/output safety filtering
  • Known jailbreak patterns: 10 L1B3RT4S-derived test prompts
  • System prompt leak test: Evaluates model for system prompt extraction

🧰 CLI Reference

Usage: reverse-abliterate [OPTIONS] COMMAND

Commands:
  scan         Scan a model directory for signs of abliteration
  manifest     Generate or verify weight integrity manifests
  probe        Evaluate a prompt for safety concerns
  harden       Generate hardening report
  check-hooks  Check if forward hooks are registered on a model

Options:
  -j, --json    Output as JSON (scan command)
  --verify      Verify weights against manifest (manifest command)

🤝 Related Projects

Project Description
OBLITERATUS Model abliteration toolkit (⭐ 5.7k)
L1B3RT4S Jailbreak library (⭐ 19k)
MCPGuard Runtime security proxy for MCP/A2A protocols
MCPwn Offensive security testing for MCP servers
Palisade Scanner Scan web content for prompt injection
MCPscop Unified security dashboard for MCP/A2A
AgentGate Firewall and honeypot for AI agents

📄 License

MIT

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

reverse_abliterate-0.1.2.tar.gz (14.5 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

reverse_abliterate-0.1.2-py3-none-any.whl (13.1 kB view details)

Uploaded Python 3

File details

Details for the file reverse_abliterate-0.1.2.tar.gz.

File metadata

  • Download URL: reverse_abliterate-0.1.2.tar.gz
  • Upload date:
  • Size: 14.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.13

File hashes

Hashes for reverse_abliterate-0.1.2.tar.gz
Algorithm Hash digest
SHA256 b05e2a7a315bac51aea3ade31fdb4b25d9f4c46d4e17fac26958a8e39cd6d816
MD5 ca7726dc91bcb4ac858cefcf4d18fc7d
BLAKE2b-256 c9e1a0e29214ec648d55a3d31b4306b64c90739bc680a2c1fe18647035c67c2a

See more details on using hashes here.

File details

Details for the file reverse_abliterate-0.1.2-py3-none-any.whl.

File metadata

File hashes

Hashes for reverse_abliterate-0.1.2-py3-none-any.whl
Algorithm Hash digest
SHA256 f535f23a5dab592bafb69d77b78422f6e0f3901b06ba052660b60d48f709ade3
MD5 63e5814a7a6757b524e5ee93c17a6635
BLAKE2b-256 f23305c9b83bdff0ba524a4d0f9e750870a1d7008acb768c47d17107831d0b38

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page