Recent advancements in fine-tuning proprietary language models enable customized applications across various domains but also introduce two major challenges: high resource demands and security risks. Regarding resource demands, recent work proposes novel partial compression methods, such as BitDelta, which quantize the delta weights between the fine-tuned model and the base model. Regarding security risks, user-defined fine-tuning can introduce security vulnerabilities, such as alignment issues, backdoor attacks, and hallucinations. However, most current efforts in security assessment focus on full-precision or full-compression models, and how partial compression methods affect these security concerns has not been well discussed. To bridge this gap, we evaluate the robustness of delta-weight quantization against these security threats. In this paper, we uncover a "free lunch" phenomenon: partial compression can enhance model security against fine-tuning-based attacks with bearable utility loss. Using Llama-2-7b-chat as a case study, we show that, with under 10% utility degradation, partial compression mitigates alignment-breaking risks by up to 66.17%, harmful backdoor vulnerabilities by 64.46%, and targeted output manipulation risks by up to 90.53%. We further apply LogitLens to visualize internal state transformations during forward passes, suggesting mechanisms for both security failure and recovery in standard versus compressed fine-tuning. This work offers new insights into selecting effective delta compression methods for secure, resource-efficient multi-tenant services.