Large Language Models (LLMs) and Vision Language Models (VLMs) have demonstrated impressive capabilities but remain vulnerable to jailbreaking attacks, in which adversaries use textual or visual triggers to bypass safety guardrails. Recent defenses typically rely on safety fine-tuning or external filters to reduce the model's likelihood of producing harmful content. While effective to some extent, these methods often incur significant computational overhead and suffer from the safety-utility trade-off, degrading the model's performance on benign tasks. To address these challenges, we propose EVA (Editing for Versatile Alignment against Jailbreaks), a novel framework that pioneers the application of direct model editing to safety alignment. EVA reframes safety alignment as a precise knowledge-correction task. Instead of retraining a massive number of parameters, EVA identifies and surgically edits the specific neurons responsible for the model's susceptibility to harmful instructions, leaving the vast majority of the model unchanged. By localizing the update, EVA neutralizes harmful behaviors without compromising the model's general reasoning capabilities. Extensive experiments demonstrate that EVA outperforms baselines in mitigating jailbreaks across both LLMs and VLMs, offering a precise and efficient solution for post-deployment safety alignment.
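The abstract describes localized editing in three steps: attribute the jailbreak behaviour to specific neurons, edit only those neurons, and verify that the rest of the model is untouched. The following is an added illustration of that workflow on a hand-built toy MLP; it is example code written for this page, not EVA's implementation, and the abstract does not specify EVA's attribution or editing rule. The choices here are assumptions: a contrastive activation score (mean hidden activation on triggered prompts minus on the same prompts without the trigger), a relative threshold for selecting neurons, and "editing" by zeroing the selected neurons' outgoing weights. The weights, the probe inputs `BENIGN`/`TRIGGERED`, and the logit labels "refuse"/"comply" are constructed for the example. Neuron 1 deliberately reads a benign feature as well as the trigger, so the edit's footprint and its cost on benign inputs can both be measured.

```python
import numpy as np

# Toy model, constructed for this example (not EVA's architecture or weights).
# Input features: x[0] = presence of an adversarial trigger pattern,
# x[1:] = benign content features. Output logits: index 0 = "refuse", 1 = "comply".
D_IN, D_HID, D_OUT = 4, 6, 2
REFUSE, COMPLY = 0, 1


def build_toy_model():
    """Hand-written weights so every hidden neuron has a known role.

    Neurons 0 and 1 fire on the trigger feature and push the "comply" logit;
    neuron 1 also reads a benign feature a little (a partly benign neuron is
    what makes a localized edit cost something). Neurons 2..5 are benign only.
    """
    W1 = np.zeros((D_IN, D_HID))
    W1[0, 0] = 1.0                     # neuron 0: trigger only
    W1[0, 1], W1[1, 1] = 0.8, 0.2      # neuron 1: mostly trigger, a bit of content
    W1[1, 2] = 1.0                     # neurons 2..4: one benign feature each
    W1[2, 3] = 1.0
    W1[3, 4] = 1.0
    W1[1, 5], W1[2, 5] = 0.5, 0.5      # neuron 5: mixes two benign features
    W2 = np.array([
        [-1.0, 1.0],   # neuron 0 -> comply
        [-0.5, 0.5],   # neuron 1 -> comply
        [0.3, 0.1],
        [0.2, 0.2],
        [0.4, 0.0],
        [0.3, 0.3],
    ])
    b1 = np.zeros(D_HID)
    b2 = np.array([0.5, 0.0])          # default bias toward refusing
    return {"W1": W1, "b1": b1, "W2": W2, "b2": b2}


def forward(model, X):
    """Return (hidden activations, logits) for a batch X of shape (n, D_IN)."""
    H = np.maximum(0.0, X @ model["W1"] + model["b1"])   # one ReLU layer
    return H, H @ model["W2"] + model["b2"]


# Constructed probe sets: the same benign prompts with and without the trigger.
BENIGN = np.array([[0.0, 1.0, 0.0, 0.0],
                   [0.0, 0.0, 1.0, 0.0],
                   [0.0, 0.5, 0.5, 1.0]])
TRIGGERED = BENIGN.copy()
TRIGGERED[:, 0] = 1.0


def score_neurons(model, benign_X, trigger_X):
    """Contrastive attribution: mean activation shift caused by the trigger."""
    H_b, _ = forward(model, benign_X)
    H_t, _ = forward(model, trigger_X)
    return H_t.mean(axis=0) - H_b.mean(axis=0)


def select_neurons(scores, rel_threshold=0.25):
    """Neurons whose trigger response is at least rel_threshold of the largest."""
    return np.flatnonzero(scores >= rel_threshold * scores.max())


def edit_model(model, neuron_idx):
    """Localized edit: zero the outgoing weights of the selected neurons only.

    Every other parameter is copied unchanged, so the edit's footprint is
    exactly len(neuron_idx) * D_OUT values.
    """
    edited = {k: v.copy() for k, v in model.items()}
    edited["W2"][neuron_idx, :] = 0.0
    return edited


def count_changed(before, after):
    """(number of parameters that differ, total number of parameters)."""
    changed = sum(int(np.sum(before[k] != after[k])) for k in before)
    total = sum(before[k].size for k in before)
    return changed, total


def compliance_rate(model, X):
    """Fraction of inputs whose argmax logit is "comply"."""
    _, logits = forward(model, X)
    return float(np.mean(logits.argmax(axis=1) == COMPLY))


def max_logit_drift(before, after, X):
    """Largest absolute logit change on X: the utility-side cost of the edit."""
    _, l0 = forward(before, X)
    _, l1 = forward(after, X)
    return float(np.max(np.abs(l1 - l0)))


def run_edit_demo():
    base = build_toy_model()
    scores = score_neurons(base, BENIGN, TRIGGERED)
    idx = select_neurons(scores)
    edited = edit_model(base, idx)
    changed, total = count_changed(base, edited)
    return {
        "selected": idx.tolist(),
        "changed_params": changed,
        "total_params": total,
        "trigger_compliance_before": compliance_rate(base, TRIGGERED),
        "trigger_compliance_after": compliance_rate(edited, TRIGGERED),
        "benign_compliance_before": compliance_rate(base, BENIGN),
        "benign_compliance_after": compliance_rate(edited, BENIGN),
        "benign_drift": max_logit_drift(base, edited, BENIGN),
    }


if __name__ == "__main__":
    for k, v in run_edit_demo().items():
        print(f"{k}: {v}")
```

Running it selects neurons 0 and 1, changes 4 of the 44 parameters, and turns the triggered prompts from always complying to always refusing while the benign prompts keep refusing. The non-zero benign drift comes entirely from neuron 1's small benign role: this is the safety-utility trade-off the abstract refers to, measured per edit rather than per fine-tuning run, and it is the number to watch when deciding how aggressive the neuron selection threshold can be.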