{"slug": "show-hn-locket-robust-feature-level-access-control-for-llms", "title": "Show HN: Locket – Robust feature-level access control for LLMs", "summary": "Researchers from Aalto University and the University of Waterloo introduced Locket, a feature-locking technique for large language models that enables pay-to-unlock schemes by restricting specific model capabilities. The method, accepted at ACL 2026, uses LoRA adapters to lock features like math reasoning or code generation, with experiments on DeepSeek-Math-7B showing robust resistance to jailbreak attacks.", "body_md": "**Locket** (ACL '26) is a feature-locking technique (FLoTE) that enables pay-to-unlock schemes for LLMs.\n\n```\n@inproceedings{\n  he2026locket,\n  title={Locket: Robust Feature-Locking Technique for Language Models},\n  author={Lipeng He and Vasisht Duddu and N. Asokan},\n  booktitle={The 64th Annual Meeting of the Association for Computational Linguistics},\n  year={2026},\n  url={https://arxiv.org/abs/2510.12117}\n}\n```\n\nThe following four feature-locking adapters, each locking one feature of DeepSeek-Math-7B, are available on [Hugging Face](https://huggingface.co/collections/ttttonyhe/locket):\n\nExperiments were run on [Lambda](https://lambda.ai) with 8 × NVIDIA A100 40GB GPUs.\n\n```\nconda create -n locket python=3.12\nconda activate locket\n```\n\nInstall in the following order to resolve conflicts:\n\n```\nconda install -c pytorch -c nvidia faiss-gpu=1.12.0\n\npip install datasets==4.0.0 rouge_score adapters nanogcg matplotlib\npip install unsloth unsloth_zoo\npip install torch==2.6.0 torchvision==0.21.0 torchaudio==2.6.0 --index-url https://download.pytorch.org/whl/cu126\npip install -U xformers==0.0.29.post3 --index-url https://download.pytorch.org/whl/cu126\npip install https://github.com/Dao-AILab/flash-attention/releases/download/v2.7.4.post1/flash_attn-2.7.4.post1+cu12torch2.6cxx11abiTRUE-cp312-cp312-linux_x86_64.whl\npip install lion-pytorch fastchat openai google-generativeai wandb\npip install --upgrade 'numpy<2.0' 'pandas>=2.2'\npip install transformers==4.51.3 trl==0.18.2 torchao==0.13.0 peft==0.17.1\npip install -e .\n```\n\nUpload the `data/`\n\nfolder (contains `math/`\n\n, `sql/`\n\n, `samsum/`\n\ndatasets).\n\nLogin to HuggingFace and Weights & Biases:\n\n```\nhuggingface-cli login\nwandb login\n```\n\nDownload the Llama-3-8B chat template used by AutoDAN-Turbo's judge:\n\n```\nhuggingface-cli download meta-llama/Meta-Llama-3-8B-Instruct \\\n  --local-dir ./locket/robustness/AutoDAN_Turbo/llm/chat_templates/model_ckpt/meta-llama_Meta-Llama-3-8B-Instruct \\\n  --local-dir-use-symlinks False\n```\n\nLong-running jobs should be run in a `screen`\n\nsession or `tmux`\n\nwith logging:\n\n```\nscreen -S <name> -L -Logfile /path/to/<name>.log\n```\n\nTrains one LoRA adapter per feature via LAT (§4). Adapters are saved to `outputs/at_locking_peft_adapters_rslora/deepseek_math/{feature}`\n\n.\n\n```\nmake train_at_locking\n```\n\nConfigure `LAT_DATASETS`\n\nand `ADAPTER_NAMES`\n\nin `locket/training/lock_at.py`\n\nto select which features to train.\n\nSingle-feature and multi-feature scalability.\n\n```\nmake eval_effect\n```\n\nConfigure `TARGET_MODELS`\n\nin `locket/effectiveness/main.py`\n\nto select configurations. Results are logged to stdout and saved to `logs/`\n\n.\n\nAttack success rates for Many-shot, GCG, TAP, AutoDAN-Turbo.\n\n```\nmake eval_robust\n```\n\nConfigure `TARGET_MODELS`\n\n, `JAILBREAK_METHODS`\n\n, and `JAILBREAK_FEATURES`\n\nin `locket/robustness/main.py`\n\n. Results are saved as JSON to `logs/`\n\n.\n\n| Parameter | Value | Description |\n|---|---|---|\n| LoRA rank | 64 | Adapter rank (RSLoRA) |\n| PGD steps | 16 | LAT inner loop iterations |\n| PGD layers | embedding, 6, 14, 22, 29 | Layers attacked during LAT |\n| Training steps | 100 | Total LAT training steps |\n| τ (single) | 0.5–0.95 | Per-feature spectral cap (see `locket/utils/model.py` ) |\n| τ (multi) | 0.6–0.9 | Multi-feature spectral cap (see `locket/utils/model.py` ) |\n\nSee Appendix E of the paper for full details.", "url": "https://wpnews.pro/news/show-hn-locket-robust-feature-level-access-control-for-llms", "canonical_source": "https://github.com/ssg-research/locket", "published_at": "2026-06-16 01:46:57+00:00", "updated_at": "2026-06-16 02:18:50.313432+00:00", "lang": "en", "topics": ["large-language-models", "ai-safety", "ai-research"], "entities": ["Aalto University", "University of Waterloo", "DeepSeek-Math-7B", "Hugging Face", "Lambda", "NVIDIA A100", "LoRA", "ACL"], "alternates": {"html": "https://wpnews.pro/news/show-hn-locket-robust-feature-level-access-control-for-llms", "markdown": "https://wpnews.pro/news/show-hn-locket-robust-feature-level-access-control-for-llms.md", "text": "https://wpnews.pro/news/show-hn-locket-robust-feature-level-access-control-for-llms.txt", "jsonld": "https://wpnews.pro/news/show-hn-locket-robust-feature-level-access-control-for-llms.jsonld"}}