Unlearning harmful behaviors in language models: reproducing and mitigating jailbreak attacks

Abstract

Recent advances in large language models (LLMs) have prompted grow ing attention to model alignment, aiming to prevent the generation of harmful or unethical content. However, alignment remains vulnerable to adversarial attacks. In this work, we first demonstrate that popular open-source models, Mistral-7B and Vicuna-7B, can be manipulated to bypass alignment through carefully crafted adversarial prompts. These results highlight the practical limitations of current alignment techniques and motivate the need for robust mitigation strategies. Focusing on one such strategy, we investigate machine unlearning—the process of removing specific undesired behaviors from a trained model without full retraining. Due to computational constraints, we shift our experiments to GPT-2 and apply fine-tuning-based unlearning to erase the model’s sus ceptibility to previously successful adversarial attacks. We then re-evaluate the model’s responses under the same attack prompts. Our results show that fine-tuning can effectively reduce harmful generations, suggesting that targeted unlearning is a viable and lightweight defense mechanism. While current experiments are conducted on GPT-2, future work should explore scalable unlearning techniques applicable to larger models such as Mistral-7B and Vicuna-7B.