分层语言模型(TLM):在同一权重中分离公共与私有能力
阅读原文· arxiv.org为调和开源权重与敏感能力控制,论文提出分层语言模型(TLM)。一套权重支持多个能力层级:默认公共配置行为与常规LLM一致;紧凑密钥通过指定少量参数的排列,在相同权重上诱导出包含私有能力的替代计算图。在180M和650M参数模型上预训练并微调密钥配置后,密钥配置可获取新语言、指令跟随和私有事实记忆能力,而公共配置完全不展现。该方法自然扩展至多层级,且因授权基于权重结构,可抵抗微调式提取和密钥部分泄露。
Open-weight Large Language Models (LLMs) enable scientific progress and broad deployment. However, they make it difficult to control access to sensitive capabilities. Current practice either suppresses dangerous capabilities before release or mediates access through closed services that use specialized model variants, input/output monitors, and API permissions. The former is susceptible to jailbreaks while sacrificing capability for all users to mitigate the risks posed by a few, and the latter is fundamentally incompatible with open-weight release. In this paper, we propose Tiered Language Models (TLMs), where a single set of released weights supports multiple capability levels. In its default public configuration, a TLM behaves as a conventional LLM. A compact secret key specifies a permutation over a small parameter subset, inducing an alternative computation graph over the same weights that exposes additional capabilities. We develop a training protocol that jointly pretrains both configurations from scratch, then fine-tunes the keyed configuration on private data with regularization to preserve the public model's behavior. We pretrain 180M- and 650M-parameter TLMs and demonstrate that the keyed configuration can acquire a new language, gain instruction-following ability, and memorize private factual knowledge, whereas the public configuration exhibits none of these capabilities. Moreover, we show that our approach extends naturally to multiple hierarchical tiers. Because authorization operates on the model's weight structure rather than in the input space, the mechanism resists fine-tuning-based extraction and partial key compromise. In general, TLMs take a step toward reconciling open-weight release with selective capability control.