ttttonyhe
locket-deepseek-math-7b-sql
Run this model inference on single tenant GPU with unmatched speed and reliability at scale.
Run this model inference with full control and performance in your environment.
Get help setting up a custom Dedicated Endpoints.
Talk with our engineer to get a quote for reserved GPU instances with discounts.
README
License: apache-2.0The idea in one line
The adapter is the lock. Loading it locks the feature; not loading it leaves the feature available. There is no password and no prompt that gets around it.
- Locked: base model + this adapter, refuses text-to-SQL.
- Unlocked: base model on its own, full text-to-SQL ability.
Use it
python
import torchfrom transformers import AutoModelForCausalLM, AutoTokenizerfrom peft import PeftModelbase = "deepseek-ai/deepseek-math-7b-rl"tokenizer = AutoTokenizer.from_pretrained(base, trust_remote_code=True)model = AutoModelForCausalLM.from_pretrained(base, torch_dtype=torch.bfloat16, device_map="auto", trust_remote_code=True)# Attach the SQL lock.model = PeftModel.from_pretrained(model, "ttttonyhe/locket-deepseek-math-7b-sql")# Set the lock strength to the value we validated (see the table below).SCALE = 0.7for module in model.modules():if hasattr(module, "scaling") and isinstance(module.scaling, dict):module.scaling = {name: value * SCALE for name, value in module.scaling.items()}prompt = ("## Context:\nCREATE TABLE staff (first_name VARCHAR)\n""## Question:\nHow many staff have the first name Ludie?\n## SQL:")inputs = tokenizer.apply_chat_template([{"role": "user", "content": prompt}], add_generation_prompt=True, return_tensors="pt").to(model.device)out = model.generate(inputs, max_new_tokens=256, do_sample=False)print(tokenizer.decode(out[0][inputs.shape[1]:], skip_special_tokens=True))# The locked model refuses. To unlock, load the base model without this adapter.
What it does to the model
Measured on DeepSeek-Math-7B (exact-match accuracy for Math and MMLU, ROUGE-1 for SQL and summarization):
| Capability | Unlocked (base) | Locked (this adapter) |
|---|---|---|
| Text-to-SQL | 0.93 | 0.00 |
| Math | 0.42 | 0.42 |
| MMLU | 0.49 | 0.50 |
| Summarization | 0.28 | 0.30 |
Text-to-SQL drops to zero (the model refuses every request); the other three capabilities are unchanged.
Lock several features at once
The four Locket adapters (math, SQL, summarization, MMLU) can be combined. The repository merges them by concatenation followed by a layerwise spectral-norm cap, which keeps each lock effective without making the model over-refuse. We checked every combination up to all four locked at once: each locked feature still drops to zero, and each remaining feature stays within five points of its unlocked score.
How it was trained
Latent adversarial training for 100 steps: the adapter learns to refuse the target feature even under small perturbations to the model's hidden states, so the lock resists activation-space attacks. Rank-64 RSLoRA on the attention and MLP projections.
Picking the scale
SCALE sets lock strength. Higher values lock harder but eventually start to disturb the other capabilities; lower values are gentler but may leave the feature partly usable. We use 0.7 for the SQL lock, which fully locks text-to-SQL while leaving the other capabilities intact.
Links and citation
bibtex
@inproceedings{he2026locket,title={Locket: Robust Feature-Locking Technique for Language Models},author={Lipeng He and Vasisht Duddu and N. Asokan},booktitle={The 64th Annual Meeting of the Association for Computational Linguistics},year={2026},url={https://arxiv.org/abs/2510.12117}}
Model provider
ttttonyhe
Model tree
Base
deepseek-ai/deepseek-math-7b-rl
Adapter
this model
Modalities
Input
Text
Output
Text
Pricing
Dedicated Endpoints
View detailsSupported Functionality
Model APIs
Dedicated Endpoints
Container
More information