@inproceedings{tang-etal-2026-oasis,
    title = "{OASIS}: Mitigating Harmful Fine-tuning Attacks on {LLM}s via Orthogonal and Adaptive Safety Alignment Strategy",
    author = "Tang, Jiayu  and
      Peng, Guowei  and
      Xie, Qiuhao  and
      Yang, Yuning  and
      Xie, Xiurui  and
      Liu, Guisong",
    editor = "Liakata, Maria  and
      Moreira, Viviane P.  and
      Zhang, Jiajun  and
      Jurgens, David",
    booktitle = "Proceedings of the 64th Annual Meeting of the {A}ssociation for {C}omputational {L}inguistics (Volume 1: Long Papers)",
    month = jul,
    year = "2026",
    address = "San Diego, California, United States",
    publisher = "Association for Computational Linguistics",
    url = "https://preview.aclanthology.org/ingest-acl/2026.acl-long.1310/",
    pages = "28407--28421",
    ISBN = "979-8-89176-390-6",
    abstract = "The ``Fine-Tuning-as-a-Service'' paradigm exposes large language models to catastrophic safety degradation from less harmful samples. Alignment-stage defenses address this by proactively injecting adversarial perturbations to bolster the model{'}s inherent robustness against harmful drift. However, existing methods rely on perturbation directions that often conflict with harmful gradients, inadvertently facilitating the acquisition of malicious features rather than suppressing them. To address this issue, we propose Orthogonal and Adaptive Safety Alignment Strategy (OASIS) to mathematically decouple safety enforcement from harmful feature acquisition. By projecting perturbations orthogonal to harmful gradients and concentrating optimization on adaptively selected safety-critical layers, OASIS effectively resolves directional conflicts while maximizing parameter efficiency. Extensive experiments on four LLMs across three datasets (SST2, GSM8K, and AGNews) demonstrate that OASIS reduces the Harmful Score by approximately 60{\%} compared to competitive baselines, while maintaining stable downstream task utility."
}