pith. sign in

Patching LLM Like Software: A Lightweight Method for Improving Safety Policy in Large Language Models

1 Pith paper cite this work. Polarity classification is still indexing.

1 Pith paper citing it
abstract

We propose patching for large language models (LLMs) like software versions, a lightweight and modular approach for addressing safety vulnerabilities. While vendors release improved LLM versions, major releases are costly, infrequent, and difficult to tailor to customer needs, leaving released models with known safety gaps. Unlike full-model fine-tuning or major version updates, our method enables rapid remediation by prepending a compact, learnable prefix to an existing model. This "patch" introduces only 0.003% additional parameters, yet reliably steers model behavior toward that of a safer reference model. Across three critical domains (toxicity mitigation, bias reduction, and harmfulness refusal) policy patches achieve safety improvements comparable to next-generation safety-aligned models while preserving fluency. Our results demonstrate that LLMs can be "patched" much like software, offering vendors and practitioners a practical mechanism for distributing scalable, efficient, and composable safety updates between major model releases.

fields

cs.CR 1

years

2026 1

verdicts

UNVERDICTED 1

representative citing papers

Patcher: Post-Hoc Patching of Backdoored Large Language Models

cs.CR · 2026-06-02 · unverdicted · novelty 6.0

Patcher repairs backdoored LLMs from a single failure case by localizing triggers via response-conditioned gradient saliency and adaptive clustering then applying constrained fine-tuning to break trigger associations.

citing papers explorer

Showing 1 of 1 citing paper.

  • Patcher: Post-Hoc Patching of Backdoored Large Language Models cs.CR · 2026-06-02 · unverdicted · none · ref 3 · internal anchor

    Patcher repairs backdoored LLMs from a single failure case by localizing triggers via response-conditioned gradient saliency and adaptive clustering then applying constrained fine-tuning to break trigger associations.