This work addresses the vulnerability of large language models (LLMs) and vision-language models (VLMs) to jailbreaking attacks, a critical security concern exacerbated by existing defenses that often incur substantial computational overhead and degrade normal model performance. The study introduces a novel post-deployment defense framework that formalizes safety alignment as a precise knowledge-editing task. By identifying and directly modifying key neurons associated with harmful responses—without requiring full-model fine-tuning or external filters—the method effectively suppresses jailbreaking behaviors while preserving the model’s general capabilities. Extensive experiments demonstrate that this lightweight approach significantly outperforms current baselines across diverse attack scenarios, successfully eliminating malicious outputs without compromising performance on benign tasks.

Large Language Models (LLMs) and Vision Language Models (VLMs) have demonstrated impressive capabilities but remain vulnerable to jailbreaking attacks, where adversaries exploit textual or visual triggers to bypass safety guardrails. Recent defenses typically rely on safety fine-tuning or external filters to reduce the model's likelihood of producing harmful content. While effective to some extent, these methods often incur significant computational overheads and suffer from the safety utility trade-off, degrading the model's performance on benign tasks. To address these challenges, we propose EVA (Editing for Versatile Alignment against Jailbreaks), a novel framework that pioneers the application of direct model editing for safety alignment. EVA reframes safety alignment as a precise knowledge correction task. Instead of retraining massive parameters, EVA identifies and surgically edits specific neurons responsible for the model's susceptibility to harmful instructions, while leaving the vast majority of the model unchanged. By localizing the updates, EVA effectively neutralizes harmful behaviors without compromising the model's general reasoning capabilities. Extensive experiments demonstrate that EVA outperforms baselines in mitigating jailbreaks across both LLMs and VLMs, offering a precise and efficient solution for post-deployment safety alignment.