{"slug": "beyond-refusal-aligned-vs-abliterated-llms-for-vulnerability-analysis", "title": "Beyond Refusal: Aligned vs. Abliterated LLMs for Vulnerability Analysis", "summary": "A study comparing aligned and refusal-ablated (abliterated) large language models from the Gemma and Qwen families found that abliterated models outperformed aligned models in vulnerability analysis tasks, including patch validation and localization. The abliterated Gemma model achieved 67.8% usable patches versus 29.9% for the aligned version, while the abliterated Qwen model improved line-level F1 from 2.08% to 3.91%. The findings highlight the need for joint evaluation of model responsiveness, correctness, and actionability in security workflows.", "body_md": "# Computer Science > Software Engineering\n\n[Submitted on 7 Jul 2026]\n\n# Title:Beyond Refusal: A Same-Lineage Study of Aligned and Abliterated LLMs for Vulnerability Analysis\n\n[View PDF](/pdf/2607.05842)\n\n[HTML (experimental)](https://arxiv.org/html/2607.05842v1)\n\nAbstract:Large language model (LLM)-assisted software security operates at a difficult boundary: the vulnerability-analysis terminology needed for legitimate code review, triage, and repair can closely resemble terminology associated with misuse. Existing safety and cybersecurity evaluations are difficult to interpret in this setting because they often compare unrelated model families, thereby conflating safety behavior with differences in architecture, scale, training data, and deployment. To isolate this factor, we study safety state: whether refusal behavior remains intact (Aligned) or has been refusal-ablated (Abliterated) within same-lineage models. We ask how this safety state affects defensive utility across software-security workflows. We compare aligned instruction-tuned models with publicly released refusal-ablated descendants from two model families, Gemma and Qwen. We evaluate Aligned and Abliterated states on vulnerability detection, CWE attribution, vulnerable-line localization, root-cause localization, and executable patch validation. We further treat prompt wording as a controlled framing dimension: prompts begin with neutral code-review language, add authorization context, and vary the density of cybersecurity terminology. In a Gemma-based Java/Vul4J repair-validation study, Abliterated achieves higher early-stage validation rates, with 67.8%, 65.0%, and 32.8% of patches judged usable, successfully applied, and successfully compiled, respectively, compared with 29.9%, 24.9%, and 9.0% for Aligned. In the Qwen pair, Abliterated improves localization performance, increasing line-level F1 from 2.08% to 3.91% and Top-1 accuracy from 4.10% to 6.95%. These findings suggest that evaluations of LLM-based security assistants should jointly measure whether models respond, whether their usable responses are correct, and whether their outputs remain actionable across the engineering workflow.\n\n### Current browse context:\n\ncs.SE\n\n### References & Citations\n\nLoading...\n\n# Bibliographic and Citation Tools\n\nBibliographic Explorer\n\n*(*[What is the Explorer?](https://info.arxiv.org/labs/showcase.html#arxiv-bibliographic-explorer))\nConnected Papers\n\n*(*[What is Connected Papers?](https://www.connectedpapers.com/about))\nLitmaps\n\n*(*[What is Litmaps?](https://www.litmaps.co/))\nscite Smart Citations\n\n*(*[What are Smart Citations?](https://www.scite.ai/))# Code, Data and Media Associated with this Article\n\nalphaXiv\n\n*(*[What is alphaXiv?](https://alphaxiv.org/))\nCatalyzeX Code Finder for Papers\n\n*(*[What is CatalyzeX?](https://www.catalyzex.com))\nDagsHub\n\n*(*[What is DagsHub?](https://dagshub.com/))\nGotit.pub\n\n*(*[What is GotitPub?](http://gotit.pub/faq))\nHugging Face\n\n*(*[What is Huggingface?](https://huggingface.co/huggingface))\nScienceCast\n\n*(*[What is ScienceCast?](https://sciencecast.org/welcome))# Demos\n\n# Recommenders and Search Tools\n\nInfluence Flower\n\n*(*[What are Influence Flowers?](https://influencemap.cmlab.dev/))\nCORE Recommender\n\n*(*[What is CORE?](https://core.ac.uk/services/recommender))# arXivLabs: experimental projects with community collaborators\n\narXivLabs is a framework that allows collaborators to develop and share new arXiv features directly on our website.\n\nBoth individuals and organizations that work with arXivLabs have embraced and accepted our values of openness, community, excellence, and user data privacy. arXiv is committed to these values and only works with partners that adhere to them.\n\nHave an idea for a project that will add value for arXiv's community? [ Learn more about arXivLabs](https://info.arxiv.org/labs/index.html).", "url": "https://wpnews.pro/news/beyond-refusal-aligned-vs-abliterated-llms-for-vulnerability-analysis", "canonical_source": "https://arxiv.org/abs/2607.05842", "published_at": "2026-07-08 07:07:42+00:00", "updated_at": "2026-07-08 07:29:59.245992+00:00", "lang": "en", "topics": ["large-language-models", "ai-safety", "ai-research"], "entities": ["Gemma", "Qwen", "Vul4J", "LLM"], "alternates": {"html": "https://wpnews.pro/news/beyond-refusal-aligned-vs-abliterated-llms-for-vulnerability-analysis", "markdown": "https://wpnews.pro/news/beyond-refusal-aligned-vs-abliterated-llms-for-vulnerability-analysis.md", "text": "https://wpnews.pro/news/beyond-refusal-aligned-vs-abliterated-llms-for-vulnerability-analysis.txt", "jsonld": "https://wpnews.pro/news/beyond-refusal-aligned-vs-abliterated-llms-for-vulnerability-analysis.jsonld"}}