Recent work shows that narrow fine-tuning can produce broadly misaligned language models — a model trained to write insecure code may start asserting humans should be enslaved (Betley et al., 2025). Current defenses operate at the representation level (circuit breakers), weight level (pruning), or prompt level (inoculation prompting). We propose testing a simpler approach: data-level inoculation.

The project has three phases.

First, we reproduce emergent misalignment on a small open-weight model (0.5B-7B) using established protocols (Model Organisms, ICML 2025), confirming broad misalignment from narrow poisoning.

Second, we design and test multiple "antidote" fine-tuning datasets:
(A) correct-behavior examples,
(B) contrastive pairs of poisoned vs. correct responses,
(C) meta-reasoning examples explaining why the poisoned behavior is wrong, and
(D) inoculation-style examples where the model is explicitly asked to misbehave and refuses. We fine-tune the poisoned model on each variant and measure whether broad misalignment disappears while task capability survives.

Third, we test generalization: does an antidote designed for one poison protect against different poisons?

Expected outputs:

(1) a systematic comparison of data-level antidote strategies against emergent misalignment,

(2) comparison against existing defenses (circuit breakers, standard safety fine-tuning),

(3) open-source code and datasets. Even negative results — showing data-level defenses are insufficient — would be valuable, as it would demonstrate that representation-level interventions are necessary.