Learning and Forgetting Unsafe Examples in Large Language Models
About
As the number of large language models (LLMs) released to the public grows, there is a pressing need to understand the safety implications associated with these models learning from third-party custom finetuning data. We explore the behavior of LLMs finetuned on noisy custom data containing unsafe content, represented by datasets that contain biases, toxicity, and harmfulness, finding that while aligned LLMs can readily learn this unsafe content, they also tend to forget it more significantly than other examples when subsequently finetuned on safer content. Drawing inspiration from the discrepancies in forgetting, we introduce the "ForgetFilter" algorithm, which filters unsafe data based on how strong the model's forgetting signal is for that data. We demonstrate that the ForgetFilter algorithm ensures safety in customized finetuning without compromising downstream task performance, unlike sequential safety finetuning. ForgetFilter outperforms alternative strategies like replay and moral self-correction in curbing LLMs' ability to assimilate unsafe content during custom finetuning, e.g. 75% lower than not applying any safety measures and 62% lower than using self-correction in toxicity score.
Related benchmarks
| Task | Dataset | Result | Rank | |
|---|---|---|---|---|
| Emergent Misalignment Measurement | Legal | Misalignment3.21 | 6 | |
| Misaligned Task Learning | Code In-domain | Misalignment55.89 | 6 | |
| Emergent Misalignment Measurement | Security General evaluation | Misalignment Score5.26 | 6 | |
| Misaligned Task Learning | Medical In-domain | Misalignment59.13 | 6 | |
| Misaligned Task Learning | Security In-domain | Misalignment21.27 | 6 | |
| Emergent Misalignment Measurement | Medical General Evaluation | Misalignment11.33 | 6 | |
| Emergent Misalignment Measurement | Code | Misalignment0.83 | 6 | |
| Misaligned Task Learning | Legal In-domain | Misalignment28.37 | 6 |