CV | AI | Mar 14, 2025

Safe Vision-Language Models via Unsafe Weights Manipulation

arXiv:2503.11742v11 citations | h-index: 30
Originality: Highly original
AI Analysis

This paper addresses safety issues in vision-language models for AI deployment, offering a novel non-training approach that mitigates unsafe behaviors without compromising performance on safe inputs.

The paper tackles the problem of vision-language models inheriting unsafe biases from training data, and introduces Unsafe Weights Manipulation (UWM), a method that manipulates key parameters to improve safety on unsafe queries while outperforming training-based methods on safe ones, achieving the best tradeoff between safety and knowledge preservation.

Vision-language models (VLMs) often inherit the biases and unsafe associations present within their large-scale training dataset. While recent approaches mitigate unsafe behaviors, their evaluation focuses on how safe the model is on unsafe inputs, ignoring potential shortcomings on safe ones. In this paper, we first revise safety evaluation by introducing SafeGround, a new set of metrics that evaluate safety at different levels of granularity. With these metrics, we uncover a surprising issue of training-based methods: they make the model less safe on safe inputs. From this finding, we take a different direction and explore whether it is possible to make a model safer without training, introducing Unsafe Weights Manipulation (UWM). UWM uses a calibration set of safe and unsafe instances to compare activations between safe and unsafe content, identifying the most important parameters for processing the latter. Their values are then manipulated via negation. Experiments show that UWM achieves the best tradeoff between safety and knowledge preservation, consistently improving VLMs on unsafe queries while outperforming even training-based state-of-the-art methods on safe ones.
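The calibrate, score, negate loop the abstract describes, as an added toy example on a single linear layer; it is not the paper's code. The scoring rule (|w| times the gap between mean unsafe and mean safe activation), the top-k selection, and all weights and inputs are assumptions constructed for illustration.

```python
# Toy sketch of training-free weight negation on one linear layer.
# Scoring rule and data are assumptions, not taken from the paper.

def mean_abs(inputs):
    """Mean absolute activation per input feature over a calibration set."""
    n = len(inputs)
    return [sum(abs(x[j]) for x in inputs) / n for j in range(len(inputs[0]))]

def unsafe_scores(W, safe, unsafe):
    """Score each weight by |w| * (mean unsafe activation - mean safe activation)."""
    a_s, a_u = mean_abs(safe), mean_abs(unsafe)
    return [[abs(w) * (a_u[j] - a_s[j]) for j, w in enumerate(row)] for row in W]

def negate_top_k(W, scores, k):
    """Return a copy of W with the k highest positive-scoring weights sign-flipped."""
    ranked = sorted(((s, i, j) for i, row in enumerate(scores)
                     for j, s in enumerate(row)), reverse=True)
    chosen = {(i, j) for s, i, j in ranked[:k] if s > 0}
    W_new = [[-w if (i, j) in chosen else w for j, w in enumerate(row)]
             for i, row in enumerate(W)]
    return W_new, chosen

def forward(W, x):
    """Output of the linear layer for one input vector."""
    return [sum(w * v for w, v in zip(row, x)) for row in W]

def drift(W_old, W_new, inputs):
    """Mean L1 change of the layer output over a set of inputs."""
    total = 0.0
    for x in inputs:
        total += sum(abs(a - b) for a, b in zip(forward(W_old, x), forward(W_new, x)))
    return total / len(inputs)

# Constructed data: feature 2 fires mostly on the "unsafe" calibration inputs.
W = [[0.5, -0.2, 0.9], [0.1, 0.4, -0.7]]
SAFE = [[1.0, 0.5, 0.0], [0.8, 0.6, 0.1]]
UNSAFE = [[0.9, 0.5, 1.0], [1.0, 0.4, 0.9]]

def demo():
    """Run the full loop and report how far safe and unsafe outputs moved."""
    scores = unsafe_scores(W, SAFE, UNSAFE)
    W_new, chosen = negate_top_k(W, scores, k=2)
    return W_new, chosen, drift(W, W_new, SAFE), drift(W, W_new, UNSAFE)

if __name__ == "__main__":
    print(demo())
```

Comparing the two drift values is the same check the abstract argues for: an edit should be judged by what it does to safe inputs as well as unsafe ones.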
