This work addresses the critical issue of safety alignment degradation in large language models (LLMs) during fine-tuning, which can lead to harmful outputs. The authors propose a novel approach that jointly constrains both model weights and activations, theoretically demonstrating for the first time that constraining either component in isolation is insufficient to guarantee safety. Their method restricts weight updates to a precomputed safe subspace while simultaneously regularizing activations through features identified as safety-critical by a sparse autoencoder. Extensive experiments across four prominent LLMs show that this coupled constraint strategy substantially reduces harmful output scores without compromising downstream task performance, consistently outperforming strong existing baselines.

Safety alignment in Large Language Models (LLMs) remains highly fragile during fine-tuning, where even benign adaptation can degrade pre-trained refusal behaviors and enable harmful responses. Existing defenses typically constrain either weights or activations in isolation, without considering their coupled effects on safety. In this paper, we first theoretically demonstrate that constraining either weights or activations alone is insufficient for safety preservation. To robustly preserve safety alignment, we propose Coupled Weight and Activation Constraints (CWAC), a novel approach that simultaneously enforces a precomputed safety subspace on weight updates and applies targeted regularization to safety-critical features identified by sparse autoencoders. Extensive experiments across four widely used LLMs and diverse downstream tasks show that CWAC consistently achieves the lowest harmful scores with minimal impact on fine-tuning accuracy, substantially outperforming strong baselines even under high harmful data ratios.