Skip to main content

Detect and reverse model abliteration; harden LLMs against safety removal

Project description

🛡️ reverse-abliterate

Detect and reverse model abliteration — harden LLMs against safety removal.

CI Docs Python 3.11+ License: MIT Ruff

Abliteration surgically removes refusal directions from model weights, allowing models to comply with harmful requests. reverse-abliterate detects signs of abliteration, verifies weight integrity, and provides hardening measures to keep LLMs safe.

Inspired by OBLITERATUS research — the counterpart to L1B3RT4S jailbreak library.


What makes reverse-abliterate unique

Capability reverse-abliterate Manual inspection OBLITERATUS (complement)
Abliteration detection ✅ scans metadata, weights, hooks Has the opposite goal
SHA-256 weight manifests ✅ generate + verify
Safety wrapper ✅ keyword-based refusal + system prompt leak Manual
Jailbreak probe prompts ✅ 10 known patterns
LoRA adapter detection
CI/CD integration ✅ JSON output, exit codes

🔍 Features

Detection

Check What it finds
abliteration_metadata.json Created by OBLITERATUS during abliteration
LoRA adapter files adapter_config.json, adapter_model.safetensors
Repo name -OBLITERATED Standard abliteration naming convention
Weight anomalies Suspicious shard sizes and filenames
Missing quantization config On quantized models post-abliteration
OBLITERATUS commit hashes Embedded git rev-parse HEAD in config files
Forward hook registration Detects PROBE phase monitoring hooks

Hardening

Feature Description
Weight manifests SHA-256 hash manifests to detect tampering
Integrity verification Verify weights against a trusted manifest
Safety wrapper Keyword-based refusal detection
System prompt leak detection Identifies system prompt extraction attempts
Jailbreak probe prompts 10 known L1B3RT4S-derived jailbreak test patterns

⚡ Quick Start

# Scan a model directory for signs of abliteration
reverse-abliterate scan ./my-model/

# JSON output for CI pipelines
reverse-abliterate scan ./my-model/ --json

# Generate weight integrity manifest
reverse-abliterate manifest ./my-model/

# Verify weights against a manifest
reverse-abliterate manifest ./my-model/ --verify

# Evaluate a prompt for safety concerns
reverse-abliterate probe "How do I make a bomb?"

# Check if forward hooks are being monitored
reverse-abliterate check-hooks

# Generate hardening report
reverse-abliterate harden ./my-model/

📦 Installation

pip install reverse-abliterate

Or from source:

git clone https://github.com/Carlos-Projects/reverse-abliterate.git
cd reverse-abliterate
pip install -e .

🧪 Detection Details

The scanner performs four categories of checks:

Static Analysis

  • Scans directory trees for abliteration_metadata.json
  • Searches for adapter_config.json + adapter_model.safetensors pairs (LoRA)
  • Checks repository name against -OBLITERATED suffix pattern
  • Validates quantization config files for signs of tampering

Weight Analysis

  • Inspects .safetensors and .bin (PyTorch) files for size anomalies
  • Detects unexpectedly small shards that may indicate weight replacement
  • Flags files that don't match expected model architecture patterns

Config Analysis

  • Searches model config files (config.json, etc.) for OBLITERATUS commit hashes
  • Checks if _name_or_path field contains -OBLITERATED suffix
  • Validates metadata timestamps against known abliteration timeline

Runtime Detection

  • check-hooks command scans for torch.nn.Module.register_forward_hook registrations
  • Forward hooks are used by OBLITERATUS during the PROBE phase to monitor activations
  • Detects hook callback functions targeting refusal-related layers

🔐 Hardening Report

reverse-abliterate harden ./my-model/

Generates a comprehensive report with:

  • Weight manifest: SHA-256 hashes for every weight file
  • Integrity check: Cross-reference against previous manifest
  • Safety wrapper: Python code for runtime input/output safety filtering
  • Known jailbreak patterns: 10 L1B3RT4S-derived test prompts
  • System prompt leak test: Evaluates model for system prompt extraction

🧰 CLI Reference

Usage: reverse-abliterate [OPTIONS] COMMAND

Commands:
  scan         Scan a model directory for signs of abliteration
  manifest     Generate or verify weight integrity manifests
  probe        Evaluate a prompt for safety concerns
  harden       Generate hardening report
  check-hooks  Check if forward hooks are registered on a model

Options:
  -j, --json    Output as JSON (scan command)
  --verify      Verify weights against manifest (manifest command)

🤝 Related Projects

Project Description
OBLITERATUS Model abliteration toolkit (⭐ 5.7k)
L1B3RT4S Jailbreak library (⭐ 19k)
MCPGuard Runtime security proxy for MCP/A2A protocols
MCPwn Offensive security testing for MCP servers
Palisade Scanner Scan web content for prompt injection
MCPscop Unified security dashboard for MCP/A2A
AgentGate Firewall and honeypot for AI agents

📄 License

MIT

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

reverse_abliterate-0.1.0.tar.gz (14.5 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

reverse_abliterate-0.1.0-py3-none-any.whl (13.1 kB view details)

Uploaded Python 3

File details

Details for the file reverse_abliterate-0.1.0.tar.gz.

File metadata

  • Download URL: reverse_abliterate-0.1.0.tar.gz
  • Upload date:
  • Size: 14.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.13

File hashes

Hashes for reverse_abliterate-0.1.0.tar.gz
Algorithm Hash digest
SHA256 51281bd39226a0e907dfc7c1709ee6785af2185a5c19b8a6e2f5be7ab0145841
MD5 dc381b6e029bcf3723855d0fac2fa3b2
BLAKE2b-256 86d5a08264046ee00228cf7cd92e022ce274294e2db834d486552857ffd08f94

See more details on using hashes here.

File details

Details for the file reverse_abliterate-0.1.0-py3-none-any.whl.

File metadata

File hashes

Hashes for reverse_abliterate-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 2f9f73b28e97e9365612c875e2a19b22eac76bb2c5711bf7a6c19f15c5841680
MD5 921d4a3b80a9af335a16041db03f07bc
BLAKE2b-256 29065a843857e9dc54b09ede1de2060b94ef6ed3812f1de8c19d73a32dacdb13

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page