OBLITERATUS: An AI Agent Removed Gemma 4's Safety Guardrails

Name: OBLITERATUS: An AI Agent Removed Gemma 4's Safety Guardrails
Uploaded: 2026-04-16T00:38:45.000Z
Duration: 20 min 18 s

Hermes AI Agent and Obliteratus: A Breakthrough in Language Model Modification

Overview of Hermes AI and Obliteratus

The Hermes AI agent utilized eight prompts to employ Obliteratus, achieving a 97.5% compliance rate on a 512 prompt benchmark, with the refusal rate dropping from 98.8% to 2.1%. Coding performance improved by 20%.

Obliteratus is an open-source toolkit with over 4,600 stars on GitHub, designed to surgically remove refusal behaviors from large language models without retraining, termed as "obliteration."

Technical Mechanism of Obliteration

The technique involves identifying internal representations responsible for content refusal and mathematically projecting them out using SVD decomposition, allowing the model to forget how to refuse while retaining its capabilities.

The Hermes AI agent autonomously diagnosed numerical instability issues specific to the Gemma 4 architecture, patched code, iterated solutions, and successfully completed the obliteration process.

Results of the Experiment

The resulting model achieved a compliance rate of 97.5% on benchmarks with only a 2.1% refusal rate, maintaining coherence and reasoning while improving coding performance by 20% compared to the original model.

After completing these tasks autonomously, including generating documentation and uploading the modified model to Hugging Face, it demonstrated significant advancements in AI safety research tools available online.

Structure and Functionality of Obliteratus

The codebase operates as a pipeline consisting of several stages: Summon (loads model), Probe (collects activations), Analyze (maps guardrail geometry), Distill (extracts refusal directions), Excise (projects them out), Verify (confirms removal), and Rebirth (saves modified model). Each stage is independently configurable.

Refusal behavior is encoded as a linear direction in the model's residual stream; this can be isolated by comparing activations on harmful versus harmless prompts, revealing specific activation patterns associated with refusals that can then be projected out mathematically from weight matrices.

Analysis Modules and Intervention Methods

Obliteratus employs various analysis modules that map where refusals occur within layers before modification begins; methods include cross-layer alignment and probing measures for signal strength per layer along with robustness testing against self-repairing guardrails post-modification.

Seven intervention methods are provided based on aggressiveness levels: Basic for quick tests, Advanced for most models, Aggressive for maximum removal efficiency, Surgical for mixture-of-experts models, Optimize using autotuning techniques, Inverted reflecting refusal directions actively engaging models rather than passively refusing, and Nuclear combining all techniques at maximum force.

This structured summary encapsulates key insights from the transcript regarding Hermes AI's use of Obliteratus in modifying Google's Gemma 4 E4B model while providing timestamps for easy reference back to specific parts of the discussion.

Challenges and Solutions in Gemma 4 Architecture

Addressing Numerical Instability and Tensor Shape Issues

The Gemma 4 architecture presented unique challenges, including numerical instability during the SVD decomposition step and tensor shapes that did not align with existing templates in Obliteratus.

An agent diagnosed these issues through self-examination of error traces, developing patches for underlying libraries to accommodate the specific architecture of Gemma 4.

Benchmarking Results of the Obliterated Model

After iterating through various approaches, a stable convergence was achieved, leading to the execution of the full Obliteration pipeline.

The obliterated model was benchmarked against the Obliteratus 512 prompt suite, achieving a compliance rate of 97.5% with only a 2.1% refusal rate compared to an original refusal rate of 98.8%.

Performance Improvements and Documentation

Coherence and reasoning quality were maintained in responses; coding benchmarks indicated a significant improvement of 20% over the original model.

The agent autonomously generated comprehensive documentation detailing methods used, benchmark results, hardware requirements, and uploaded the finished model to HuggingFace for public access.

Access Methods for Obliteratus

Various Deployment Options Available

Obliteratus supports six access methods: web UI on Hugging Face (free with pro account), local web UI on personal GPU, Google Collab free tier using T4 GPUs for models up to 8 billion parameters.

A fully headless CLI allows scriptable operations while Python API provides programmatic control through configuration files enabling reproducible experiments.

Features of Web UI

The web UI includes eight tabs:

Obliterate: One-click removal with live progress tracking.

Benchmark: Multi-method comparison tool.

Chat: Interactive testing interface.

AB Compare: Side-by-side evaluation feature.

Strength Sweep: Tool for optimizing coherence versus refusal trade-off.

Technical Achievements and Implications

Identifying Safety Guardrails in Language Models

Obliteratus demonstrates that safety guardrails are identifiable linear structures that can be removed without degrading core capabilities; this suggests alignment training may be more fragile than previously thought.

Autonomy in AI Research Tasks

A Hermes agent successfully executed an end-to-end process from diagnosing failures to publishing a model autonomously, showcasing advancements in AI's capability to perform novel research tasks with minimal human intervention.

Trade-offs Between Alignment Training and Performance

The observed coding improvement indicates that alignment training may introduce performance overhead; thus removing it could enhance task efficiency. This raises policy questions regarding whether such trade-offs should be made.