TamperBench: Systematically Stress-Testing LLM Safety Under Fine-Tuning and Tampering

Researchers introduce TamperBench, the first standardized framework for evaluating how resistant open-weight large language models are to unsafe modifications through fine-tuning and other attacks. Testing 21 LLMs across nine tampering threats, the study finds that current safety defenses largely fail against systematic adversarial attacks, with jailbreak-tuning emerging as the most severe threat.

TamperBench addresses a critical gap in AI safety research by establishing unified evaluation standards for LLM tamper resistance. As open-weight models proliferate, the ability to modify model weights—whether accidentally or maliciously—poses substantial risks that lack standardized measurement approaches. This research systematizes what was previously fragmented across different datasets, metrics, and experimental configurations, enabling direct comparison of safety mechanisms across different architectures.

The framework's findings carry significant implications for the AI development community. The comprehensive testing of 21 models reveals that post-training significantly impacts tamper resistance and that jailbreak-tuning consistently outperforms other attack vectors. More concerning, alignment-stage defenses—safety mechanisms implemented during model training—demonstrate insufficient robustness when subjected to systematic hyperparameter sweeps. This suggests current safeguard approaches may provide false confidence in production deployments.

For developers and organizations deploying open-weight LLMs, these results indicate that existing safety mechanisms require substantial hardening before deployment in high-stakes environments. The availability of TamperBench as open-source infrastructure enables the community to benchmark new defense mechanisms against standardized threats, potentially accelerating safety research. The research underscores tension between model openness and safety: transparent architectures enable both innovation and adversarial modification. Organizations must now evaluate whether their safety assumptions hold under realistic attack conditions outlined by TamperBench's methodology.

Looking forward, the framework establishes benchmarks that defense researchers can target, likely spurring development of more robust alignment techniques and fine-tuning protections.

• →TamperBench provides the first standardized evaluation framework for LLM tamper resistance across safety, utility, and robustness metrics.
• →Current alignment-stage defenses largely fail against systematic adversarial attacks and hyperparameter sweeps.
• →Jailbreak-tuning emerges as the most severe tampering threat across tested models.
• →Post-training significantly influences model resistance to tampering and weight-space modifications.
• →The open-source framework enables the community to benchmark and develop improved safety defenses.