This paper addresses adversarial unlearning—a novel security threat wherein malicious actors submit forged unlearning requests to significantly degrade model performance—and provides the first systematic analysis of its underlying mechanisms and key influencing factors. We propose a general-purpose defense framework that integrates model-architecture-aware data selection constraints, real-time performance monitoring during unlearning, and adaptive parameter correction. The framework simultaneously satisfies legitimate unlearning requirements and mitigates adversarial attacks, without relying on specific model architectures or training paradigms, thus ensuring practicality and broad applicability. Experimental results across diverse attack settings demonstrate that our method reduces the average accuracy drop by 62%, substantially enhancing unlearning security and robustness. This work establishes both theoretical foundations and practical methodologies for trustworthy machine learning unloading mechanisms.

AI models need to be unlearned to fulfill the requirements of legal acts such as the AI Act or GDPR, and also because of the need to remove toxic content, debiasing, the impact of malicious instances, or changes in the data distribution structure in which a model works. Unfortunately, removing knowledge may cause undesirable side effects, such as a deterioration in model performance. In this paper, we investigate the problem of adversarial unlearning, where a malicious party intentionally sends unlearn requests to deteriorate the model's performance maximally. We show that this phenomenon and the adversary's capabilities depend on many factors, primarily on the backbone model itself and strategy/limitations in selecting data to be unlearned. The main result of this work is a new method of protecting model performance from these side effects, both in the case of unlearned behavior resulting from spontaneous processes and adversary actions.