Safeguard.sh
AI Security

Fine-Tune Drift Measured On Eval Sets

Fine-tuning to improve one task frequently regresses others. Without eval harnesses, the regressions ship. The measurable drift is larger than vendors admit.

Shadab Khan
Security Engineer
2 min read

Fine-tuning a model to improve a specific task often improves that task and regresses others. Published research documents this consistently: a model fine-tuned on coding tasks loses reasoning ability on non-coding tasks; a model fine-tuned on refusal loses utility on legitimate requests. In production AI-for-security deployments, fine-tuning that improves vulnerability detection can regress adversarial resistance, advisory summarisation, or fix-PR quality. Without eval harnesses to catch it, the regressions ship silently.

What the drift looks like

Three typical patterns:

  • Task-target improvement, adjacent regression. Target task up 10 points; adjacent task down 5 points. Net positive on the single metric; net negative across the workload.
  • Adversarial-resistance erosion. Fine-tuning for compliance or helpfulness often reduces jailbreak refusal.
  • Long-tail coverage loss. Fine-tuning on common cases degrades performance on rare cases.

Each is measurable; each is invisible without eval.

Why vendors under-report

Three incentives:

  • Headline metrics matter. Vendors publish the improved metric; the regressions are footnotes.
  • Eval investment is expensive. Running comprehensive evals on every fine-tune takes infrastructure.
  • Customer pressure is asymmetric. Customers ask about the task they care about; they don't ask about adjacent regressions.

The result: public numbers overstate net improvement.

How comprehensive evals catch it

Griffin AI runs five eval families on every release:

  • Exploit hypothesis
  • Remediation PR correctness
  • Advisory summarisation
  • Cross-finding correlation
  • Adversarial resistance

A release that improves one and regresses another is caught. The regression gate blocks the release until the regression is addressed.

What customers should ask

Three questions of any AI-for-security vendor:

  1. What eval families do you run on each release?
  2. Show me the release notes from the last year, including regressions.
  3. What is the gate for releasing despite a regression?

Vendors who answer cleanly are running a mature program. Vendors who can't are shipping drift.

How Safeguard Helps

Safeguard's Griffin AI release gate requires passing all five eval families. Regressions block release. Release notes document eval deltas. For customers whose AI-for-security vendors have been surprising them with behaviour changes, the comprehensive eval discipline is the architectural difference.

ai-securityfine-tuningeval-driftfrontier-models
Back to all articles

More on #ai-security

View all →
AI Security

API Surface Reviewed: Griffin AI vs Mythos

5 min read
AI Security

Real-World Deployment: Griffin AI vs Mythos

5 min read
AI Security

Scaling Across Repos: Griffin AI vs Mythos

6 min read
AI Security

Tool-Call Hijacking: Griffin AI vs Mythos

3 min read

Related articles in AI Security

AI Security

Building an Eval Suite for Your Security LLM Workflows

If you use an LLM anywhere in your security program — triage, remediation, detection — you need an eval suite with the same rigor as your test suite. Here is a concrete harness: datasets, thresholds, CI gates, and drift detection.

April 22, 2026Read
AI Security

Zero-Day Discovery With LLM-Augmented Reachability: A Safeguard Engine Walkthrough

Pattern-matching scanners miss zero-days by definition. An engine that follows taint across package boundaries plus a model that hypothesizes exploit conditions can find what either would miss alone. Here is how that pipeline works end to end.

April 19, 2026Read
AI Security

Frontier LLM Vendors Are Not Your Supply Chain Security Vendor

Coding agents from OpenAI, Anthropic, and Google are excellent tools. They are also not supply chain security platforms, and the assumption that they can replace one is already producing expensive gaps.

April 16, 2026Read

Never miss an update

Weekly insights on software supply chain security, delivered to your inbox.