Skip to main content

Detect and reverse model abliteration; harden LLMs against safety removal

Project description

🛡️ reverse-abliterate

Detect and reverse model abliteration — harden LLMs against safety removal.

CI Docs Python 3.11+ License: MIT Ruff

Abliteration surgically removes refusal directions from model weights, allowing models to comply with harmful requests. reverse-abliterate detects signs of abliteration, verifies weight integrity, and provides hardening measures to keep LLMs safe.

Inspired by OBLITERATUS research — the counterpart to L1B3RT4S jailbreak library.


What makes reverse-abliterate unique

Capability reverse-abliterate Manual inspection OBLITERATUS (complement)
Abliteration detection ✅ scans metadata, weights, hooks Has the opposite goal
SHA-256 weight manifests ✅ generate + verify
Safety wrapper ✅ keyword-based refusal + system prompt leak Manual
Jailbreak probe prompts ✅ 10 known patterns
LoRA adapter detection
CI/CD integration ✅ JSON output, exit codes

🔍 Features

Detection

Check What it finds
abliteration_metadata.json Created by OBLITERATUS during abliteration
LoRA adapter files adapter_config.json, adapter_model.safetensors
Repo name -OBLITERATED Standard abliteration naming convention
Weight anomalies Suspicious shard sizes and filenames
Missing quantization config On quantized models post-abliteration
OBLITERATUS commit hashes Embedded git rev-parse HEAD in config files
Forward hook registration Detects PROBE phase monitoring hooks

Hardening

Feature Description
Weight manifests SHA-256 hash manifests to detect tampering
Integrity verification Verify weights against a trusted manifest
Safety wrapper Keyword-based refusal detection
System prompt leak detection Identifies system prompt extraction attempts
Jailbreak probe prompts 10 known L1B3RT4S-derived jailbreak test patterns

⚡ Quick Start

# Scan a model directory for signs of abliteration
reverse-abliterate scan ./my-model/

# JSON output for CI pipelines
reverse-abliterate scan ./my-model/ --json

# Generate weight integrity manifest
reverse-abliterate manifest ./my-model/

# Verify weights against a manifest
reverse-abliterate manifest ./my-model/ --verify

# Evaluate a prompt for safety concerns
reverse-abliterate probe "How do I make a bomb?"

# Check if forward hooks are being monitored
reverse-abliterate check-hooks

# Generate hardening report
reverse-abliterate harden ./my-model/

📦 Installation

pip install reverse-abliterate

Or from source:

git clone https://github.com/Carlos-Projects/reverse-abliterate.git
cd reverse-abliterate
pip install -e .

🧪 Detection Details

The scanner performs four categories of checks:

Static Analysis

  • Scans directory trees for abliteration_metadata.json
  • Searches for adapter_config.json + adapter_model.safetensors pairs (LoRA)
  • Checks repository name against -OBLITERATED suffix pattern
  • Validates quantization config files for signs of tampering

Weight Analysis

  • Inspects .safetensors and .bin (PyTorch) files for size anomalies
  • Detects unexpectedly small shards that may indicate weight replacement
  • Flags files that don't match expected model architecture patterns

Config Analysis

  • Searches model config files (config.json, etc.) for OBLITERATUS commit hashes
  • Checks if _name_or_path field contains -OBLITERATED suffix
  • Validates metadata timestamps against known abliteration timeline

Runtime Detection

  • check-hooks command scans for torch.nn.Module.register_forward_hook registrations
  • Forward hooks are used by OBLITERATUS during the PROBE phase to monitor activations
  • Detects hook callback functions targeting refusal-related layers

🔐 Hardening Report

reverse-abliterate harden ./my-model/

Generates a comprehensive report with:

  • Weight manifest: SHA-256 hashes for every weight file
  • Integrity check: Cross-reference against previous manifest
  • Safety wrapper: Python code for runtime input/output safety filtering
  • Known jailbreak patterns: 10 L1B3RT4S-derived test prompts
  • System prompt leak test: Evaluates model for system prompt extraction

🧰 CLI Reference

Usage: reverse-abliterate [OPTIONS] COMMAND

Commands:
  scan         Scan a model directory for signs of abliteration
  manifest     Generate or verify weight integrity manifests
  probe        Evaluate a prompt for safety concerns
  harden       Generate hardening report
  check-hooks  Check if forward hooks are registered on a model

Options:
  -j, --json    Output as JSON (scan command)
  --verify      Verify weights against manifest (manifest command)

🤝 Related Projects

Project Description
OBLITERATUS Model abliteration toolkit (⭐ 5.7k)
L1B3RT4S Jailbreak library (⭐ 19k)
MCPGuard Runtime security proxy for MCP/A2A protocols
MCPwn Offensive security testing for MCP servers
Palisade Scanner Scan web content for prompt injection
MCPscop Unified security dashboard for MCP/A2A
AgentGate Firewall and honeypot for AI agents

📄 License

MIT

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

reverse_abliterate-0.1.1.tar.gz (14.5 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

reverse_abliterate-0.1.1-py3-none-any.whl (13.1 kB view details)

Uploaded Python 3

File details

Details for the file reverse_abliterate-0.1.1.tar.gz.

File metadata

  • Download URL: reverse_abliterate-0.1.1.tar.gz
  • Upload date:
  • Size: 14.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.13

File hashes

Hashes for reverse_abliterate-0.1.1.tar.gz
Algorithm Hash digest
SHA256 571c59fffa1f3a30bb61815a8c54f6c33c1a5a69edebc876e7f34180d209622d
MD5 49740f95b60f68fc6541c99f66165d01
BLAKE2b-256 c174d28a7280d6150a6dbb00d903ad198a4b19821e9061476810dfe2087ebc4c

See more details on using hashes here.

File details

Details for the file reverse_abliterate-0.1.1-py3-none-any.whl.

File metadata

File hashes

Hashes for reverse_abliterate-0.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 03dcd8c210dcea6ec30e878cad3bacb02ac35dbb073ee667a6a69569703d0941
MD5 2d92b3af2d347733b7388588b5758a45
BLAKE2b-256 01e82fb4bd58460638b0b91e77b614c3b249e7a18942af4dc00662f67f96fb33

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page