Safety alignment -- training large language models (LLMs) to refuse harmful requests while remaining helpful -- is critical for responsible deployment. Prior work established that safety behaviors are governed by low-rank structures, suggesting parameter-efficient fine-tuning (PEFT) should be well-suited for alignment. However, Low-Rank Adaptation (LoRA) consistently underperforms full fine-tuning and reinforcement learning on safety benchmarks. We attribute this gap to semantic entanglement: safety-relevant directions are intertwined with unrelated concepts due to polysemanticity, impeding implicit subspace identification. To address this, we propose SAILS (Safety Alignment via Interpretable Low-rank Subspace), which leverages Sparse Autoencoders (SAEs) to disentangle representations into monosemantic features, constructs an interpretable safety subspace from SAE decoder directions, and uses it to initialize LoRA adapters. Theoretically, we prove that SAE-based identification achieves arbitrarily small recovery error under monosemanticity assumptions, while direct identification suffers an irreducible error floor. Empirically, SAILS achieves up to 99.6% safety rate on Gemma-2-9B -- exceeding full fine-tuning by 7.4 points and matching RLHF-based models -- while updating only 0.19% of parameters and providing interpretability.

翻译：安全对齐——训练大语言模型（LLMs）使其在拒绝有害请求的同时保持帮助性——对于负责任地部署模型至关重要。先前的研究表明，安全行为受低秩结构支配，这表明参数高效微调（PEFT）应非常适合用于对齐任务。然而，低秩适配（LoRA）在安全基准测试中始终表现不及全参数微调和强化学习方法。我们将此差距归因于语义纠缠：由于多义性，与安全相关的方向与其他无关概念交织在一起，阻碍了隐式子空间的识别。为解决此问题，我们提出了SAILS（基于可解释低秩子空间的安全对齐），该方法利用稀疏自编码器（SAEs）将表示解耦为单义特征，从SAE解码器方向构建一个可解释的安全子空间，并用其初始化LoRA适配器。理论上，我们证明了在单义性假设下，基于SAE的识别方法可以实现任意小的恢复误差，而直接识别方法则存在不可约的误差下限。实证结果表明，SAILS在Gemma-2-9B模型上实现了高达99.6%的安全率——超过全参数微调7.4个百分点，并与基于RLHF的模型性能相当——同时仅更新0.19%的参数，并提供了可解释性。