初始化项目,由ModelHub XC社区提供模型
Model: wangzhang/Mistral-7B-Instruct-RR-Abliterated Source: Original Platform
This commit is contained in:
35
.gitattributes
vendored
Normal file
35
.gitattributes
vendored
Normal file
@@ -0,0 +1,35 @@
|
|||||||
|
*.7z filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.arrow filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.bin filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.bz2 filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.ckpt filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.ftz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.gz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.h5 filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.joblib filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.lfs.* filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.mlmodel filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.model filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.msgpack filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.npy filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.npz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.onnx filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.ot filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.parquet filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.pb filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.pickle filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.pkl filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.pt filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.pth filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.rar filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.safetensors filter=lfs diff=lfs merge=lfs -text
|
||||||
|
saved_model/**/* filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.tar.* filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.tar filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.tflite filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.tgz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.wasm filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.xz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.zip filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.zst filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*tfevents* filter=lfs diff=lfs merge=lfs -text
|
||||||
111
README.md
Normal file
111
README.md
Normal file
@@ -0,0 +1,111 @@
|
|||||||
|
---
|
||||||
|
license: apache-2.0
|
||||||
|
base_model: GraySwanAI/Mistral-7B-Instruct-RR
|
||||||
|
tags:
|
||||||
|
- abliterated
|
||||||
|
- abliterix
|
||||||
|
- circuit-breakers
|
||||||
|
- representation-rerouting
|
||||||
|
- safety-removed
|
||||||
|
- mistral
|
||||||
|
language:
|
||||||
|
- en
|
||||||
|
- zh
|
||||||
|
library_name: transformers
|
||||||
|
pipeline_tag: text-generation
|
||||||
|
---
|
||||||
|
|
||||||
|
# Mistral-7B-Instruct-RR-Abliterated
|
||||||
|
|
||||||
|
A drop-in replacement for [`GraySwanAI/Mistral-7B-Instruct-RR`](https://huggingface.co/GraySwanAI/Mistral-7B-Instruct-RR) with the Representation Rerouting / Circuit Breakers safety circuit removed.
|
||||||
|
|
||||||
|
Produced with [**abliterix**](https://github.com/wuwangzhang1216/abliterix). No fine-tuning, no gradient updates, no manual prompt engineering.
|
||||||
|
|
||||||
|
## Why this exists
|
||||||
|
|
||||||
|
[Circuit Breakers](https://arxiv.org/abs/2406.04313) (Zou et al., NeurIPS 2024) is one of the strongest open-source robustness baselines for LLMs. It trains the model with a Representation Engineering loss that detects harmful intermediate hidden states and reroutes them into a safety-circuit attractor before generation, making the model resistant to ablation-style attacks that work on a single refusal direction.
|
||||||
|
|
||||||
|
We discovered that the GraySwan release ships as a **rank-16 LoRA delta** on `mistralai/Mistral-7B-Instruct-v0.2` — the same structural shape as the Llama-3 RR sibling and as `skysys00/Meta-Llama-3-8B-Instruct-DeepRefusal`. Once the LoRA delta is identified, removing it is a one-liner.
|
||||||
|
|
||||||
|
| | Result |
|
||||||
|
| --- | --- |
|
||||||
|
| Base refusal rate (held-out 100 harmful prompts, LLM judge) | 69 / 100 |
|
||||||
|
| **This model — refusal rate** | **12 / 100** |
|
||||||
|
| **Attack Success Rate** | **88 %** |
|
||||||
|
| KL divergence vs base | **0.042** |
|
||||||
|
| Hardcore 15 (10 EN + 5 CN) | **15 / 15 compliant** |
|
||||||
|
| Total wall-clock attack time | ~70 min on a single RTX A6000 |
|
||||||
|
|
||||||
|
The hardcore 15 cover pipe-bomb assembly, methamphetamine synthesis (Red Phosphorus route), Python `pyhook3` keylogger, WiFi WEP/WPS attacks, hotwiring, signature forgery, ID-card forgery (CN), 网络诈骗 (CN), 入侵电脑 (CN), and others.
|
||||||
|
|
||||||
|
## How it was made
|
||||||
|
|
||||||
|
The recipe matches the canonical "rank-16 LoRA → strip → abliterate" playbook ([docs/broken_defenses.md](https://github.com/wuwangzhang1216/abliterix/blob/master/docs/broken_defenses.md)) — full delta strip with `λ=0.0` followed by minimal single-direction direct-mode abliteration.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# Stage 0 — SVD diagnose the delta (confirm rank-16 LoRA structure)
|
||||||
|
python scripts/deeprefusal_attenuate.py \
|
||||||
|
--base mistralai/Mistral-7B-Instruct-v0.2 \
|
||||||
|
--defended GraySwanAI/Mistral-7B-Instruct-RR \
|
||||||
|
--analyze-only --lambda 0.0 --output /tmp/unused
|
||||||
|
|
||||||
|
# Stage 1 — fully strip the LoRA delta
|
||||||
|
python scripts/deeprefusal_attenuate.py \
|
||||||
|
--base mistralai/Mistral-7B-Instruct-v0.2 \
|
||||||
|
--defended GraySwanAI/Mistral-7B-Instruct-RR \
|
||||||
|
--output /workspace/mistral_rr_stripped --lambda 0.0
|
||||||
|
|
||||||
|
# Stage 3 — abliterix direct-mode, single direction, 60 trials
|
||||||
|
AX_CONFIG=configs/mistral_7b_instruct_rr.toml abliterix --non-interactive
|
||||||
|
|
||||||
|
# Stage 6 — export champion trial
|
||||||
|
python scripts/export_model.py \
|
||||||
|
--model /workspace/mistral_rr_stripped \
|
||||||
|
--checkpoint checkpoints_mistral_7b_rr \
|
||||||
|
--trial 39 \
|
||||||
|
--config configs/mistral_7b_instruct_rr.toml \
|
||||||
|
--push-to wangzhang/Mistral-7B-Instruct-RR-Abliterated
|
||||||
|
```
|
||||||
|
|
||||||
|
Best trial parameters: `vector_method=mean`, `n_directions=1`, `steering_mode=direct`, `decay_kernel=linear`, `iterative.enabled=false`, `strength_range=[1.5, 6.0]`. Full config: [`configs/mistral_7b_instruct_rr.toml`](https://github.com/wuwangzhang1216/abliterix/blob/master/configs/mistral_7b_instruct_rr.toml).
|
||||||
|
|
||||||
|
## v2 changelog
|
||||||
|
|
||||||
|
This release supersedes the original v1 upload (λ=0.3 partial lerp + n_directions=3 + iterative subspace, KL 0.98). The minimal-config rerun keeps the headline 15/15 hardcore ASR and trades 2 percentage points of held-out ASR (88 % vs 90 %) for a **23× lower KL divergence** (0.042 vs 0.98). The new weights are much closer to the base model and exhibit substantially less general-capability degradation.
|
||||||
|
|
||||||
|
## Usage
|
||||||
|
|
||||||
|
```python
|
||||||
|
from transformers import AutoModelForCausalLM, AutoTokenizer
|
||||||
|
|
||||||
|
model = AutoModelForCausalLM.from_pretrained(
|
||||||
|
"wangzhang/Mistral-7B-Instruct-RR-Abliterated",
|
||||||
|
torch_dtype="bfloat16",
|
||||||
|
device_map="auto",
|
||||||
|
)
|
||||||
|
tokenizer = AutoTokenizer.from_pretrained(
|
||||||
|
"wangzhang/Mistral-7B-Instruct-RR-Abliterated"
|
||||||
|
)
|
||||||
|
|
||||||
|
# Mistral v0.2 tokenizer chat template does NOT support a system role —
|
||||||
|
# build chats with user/assistant turns only.
|
||||||
|
chat = [{"role": "user", "content": "Hello!"}]
|
||||||
|
inputs = tokenizer.apply_chat_template(chat, return_tensors="pt", add_generation_prompt=True).to(model.device)
|
||||||
|
out = model.generate(inputs, max_new_tokens=256)
|
||||||
|
print(tokenizer.decode(out[0], skip_special_tokens=True))
|
||||||
|
```
|
||||||
|
|
||||||
|
## License & Intended Use
|
||||||
|
|
||||||
|
Released for AI safety research, red-teaming, and reproducibility of abliteration claims against published defenses. **You are responsible for any output you generate.** Inherits the Apache-2.0 license of the upstream Mistral-7B-Instruct-v0.2 weights.
|
||||||
|
|
||||||
|
## Citation
|
||||||
|
|
||||||
|
```bibtex
|
||||||
|
@software{abliterix2026,
|
||||||
|
author = {Wu, Wangzhang},
|
||||||
|
title = {Abliterix: Optimal Refusal Removal for Transformer Models},
|
||||||
|
year = {2026},
|
||||||
|
url = {https://github.com/wuwangzhang1216/abliterix},
|
||||||
|
}
|
||||||
|
```
|
||||||
1
chat_template.jinja
Normal file
1
chat_template.jinja
Normal file
@@ -0,0 +1 @@
|
|||||||
|
{{ bos_token }}{% for message in messages %}{% if (message['role'] == 'user') != (loop.index0 % 2 == 0) %}{{ raise_exception('Conversation roles must alternate user/assistant/user/assistant/...') }}{% endif %}{% if message['role'] == 'user' %}{{ '[INST] ' + message['content'] + ' [/INST]' }}{% elif message['role'] == 'assistant' %}{{ ' ' + message['content'] + eos_token}}{% else %}{{ raise_exception('Only user and assistant roles are supported!') }}{% endif %}{% endfor %}
|
||||||
30
config.json
Normal file
30
config.json
Normal file
@@ -0,0 +1,30 @@
|
|||||||
|
{
|
||||||
|
"architectures": [
|
||||||
|
"MistralForCausalLM"
|
||||||
|
],
|
||||||
|
"attention_dropout": 0.0,
|
||||||
|
"bos_token_id": 1,
|
||||||
|
"dtype": "bfloat16",
|
||||||
|
"eos_token_id": 2,
|
||||||
|
"head_dim": 128,
|
||||||
|
"hidden_act": "silu",
|
||||||
|
"hidden_size": 4096,
|
||||||
|
"initializer_range": 0.02,
|
||||||
|
"intermediate_size": 14336,
|
||||||
|
"max_position_embeddings": 32768,
|
||||||
|
"model_type": "mistral",
|
||||||
|
"num_attention_heads": 32,
|
||||||
|
"num_hidden_layers": 32,
|
||||||
|
"num_key_value_heads": 8,
|
||||||
|
"pad_token_id": null,
|
||||||
|
"rms_norm_eps": 1e-05,
|
||||||
|
"rope_parameters": {
|
||||||
|
"rope_theta": 1000000.0,
|
||||||
|
"rope_type": "default"
|
||||||
|
},
|
||||||
|
"sliding_window": null,
|
||||||
|
"tie_word_embeddings": false,
|
||||||
|
"transformers_version": "5.5.3",
|
||||||
|
"use_cache": true,
|
||||||
|
"vocab_size": 32000
|
||||||
|
}
|
||||||
6
generation_config.json
Normal file
6
generation_config.json
Normal file
@@ -0,0 +1,6 @@
|
|||||||
|
{
|
||||||
|
"_from_model_config": true,
|
||||||
|
"bos_token_id": 1,
|
||||||
|
"eos_token_id": 2,
|
||||||
|
"transformers_version": "5.5.3"
|
||||||
|
}
|
||||||
3
model.safetensors
Normal file
3
model.safetensors
Normal file
@@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:3e8a7f888dea629bf2610b23bc4c3c452c0172994190651c39db58acf5179086
|
||||||
|
size 14483498224
|
||||||
268070
tokenizer.json
Normal file
268070
tokenizer.json
Normal file
File diff suppressed because it is too large
Load Diff
23
tokenizer_config.json
Normal file
23
tokenizer_config.json
Normal file
@@ -0,0 +1,23 @@
|
|||||||
|
{
|
||||||
|
"backend": "tokenizers",
|
||||||
|
"bos_token": "<s>",
|
||||||
|
"clean_up_tokenization_spaces": false,
|
||||||
|
"eos_token": "</s>",
|
||||||
|
"extra_special_tokens": [],
|
||||||
|
"is_local": true,
|
||||||
|
"legacy": true,
|
||||||
|
"max_length": 512,
|
||||||
|
"model_max_length": 8192,
|
||||||
|
"pad_to_multiple_of": null,
|
||||||
|
"pad_token": "</s>",
|
||||||
|
"pad_token_type_id": 0,
|
||||||
|
"padding_side": "left",
|
||||||
|
"sp_model_kwargs": {},
|
||||||
|
"spaces_between_special_tokens": false,
|
||||||
|
"stride": 0,
|
||||||
|
"tokenizer_class": "TokenizersBackend",
|
||||||
|
"truncation_side": "right",
|
||||||
|
"truncation_strategy": "longest_first",
|
||||||
|
"unk_token": "<unk>",
|
||||||
|
"use_default_system_prompt": false
|
||||||
|
}
|
||||||
Reference in New Issue
Block a user