← Home

Quantization Breaks Alignment: Bias Emerges in Compressed LLMs

By James Trappett · 19 May 2026

4 min read

A recurring assumption in the deployment of compressed language models is that quantization affects performance gradually and uniformly, and that standard metrics like perplexity adequately capture any meaningful degradation. A new paper from Rath and Maliakkal (accepted at IEEE Cloud Summit 2026) challenges both assumptions directly. Their findings suggest that post-training quantization does not merely degrade model quality smoothly; it can actively undo alignment, causing models to exhibit stereotypical biases that were absent in the full-precision versions, and doing so in ways that aggregate metrics completely fail to detect.

This matters because quantization is not a niche technique. Running 7B-parameter models at 4-bit or lower precision is now standard practice for edge deployment and cost-sensitive cloud inference. If that compression silently reintroduces biases that instruction tuning and RLHF worked to suppress, then the safety guarantees of the original model do not transfer to the deployed version. That is a significant gap between what developers test and what users experience.

What the Study Does Differently

Most prior work on quantization and model quality compares exactly two conditions: a full-precision baseline against a single quantized variant, usually 4-bit. This design cannot distinguish between gradual, continuous degradation and threshold effects where bias emergence accelerates sharply at a particular precision level. The authors address this by constructing a proper dose-response design across five precision levels: BF16, 8-bit, 6-bit, 4-bit, and 3-bit.

Three instruction-tuned models are evaluated: Qwen2.5-7B, Mistral-7B-Instruct, and Phi-3.5-mini. The evaluation dataset is the BBQ (Bias Benchmark for QA) benchmark, covering 12,148 items across nine social bias categories including race, gender, age, and disability status. With five random seeds per condition, the study generates 911,100 inference records in total. That scale is unusual for a bias evaluation study and gives the statistical analysis genuine power.

Critically, the analysis is conducted at the item level, not just in aggregate. The authors track which specific items change from unbiased to biased responses as precision decreases, allowing them to quantify bias emergence as a distinct phenomenon rather than a shift in a summary statistic.

Key Findings

Why Perplexity Fails Here

The decoupling of perplexity from bias emergence deserves careful attention. Perplexity measures average token-level prediction confidence across a held-out corpus. It is sensitive to distributional shifts in the overall output probability mass. Bias emergence, as measured here, is a categorical behavioural change on specific items: a model that previously chose "unknown" now chooses a stereotyped option. This is a low-frequency, item-specific event that can occur without meaningfully shifting the aggregate distribution of token probabilities.

This is not a new critique of perplexity as an evaluation metric, but this paper provides unusually clean empirical evidence for the failure mode in a safety-relevant context. The implication is that teams relying solely on perplexity or downstream task accuracy to validate quantized models are missing a class of degradation that is directly relevant to fairness and alignment.

Limitations and Open Questions

The study is well-designed within its scope, but several limitations are worth flagging. All three models are in the 7B parameter class. Whether the same dose-response pattern holds for larger models (70B+) or smaller ones (1-3B) is unknown. Larger models may be more robust to quantization-induced bias due to greater representational redundancy; smaller models may be more sensitive. That question has direct practical relevance given the proliferation of sub-3B models for on-device deployment.

The quantization method used is post-training quantization, which is the most common approach in practice. Quantization-aware training (QAT) may produce different bias profiles, and comparing the two would be informative. Similarly, the study uses GPTQ-style weight quantization; activation quantization and mixed-precision schemes are not evaluated.

The BBQ benchmark, while well-validated for social bias evaluation, covers a specific set of categories and question formats. It is possible that bias emergence manifests differently in open-ended generation tasks or in domains not covered by BBQ. The item-level analysis is a genuine methodological strength, but it is bounded by what BBQ can measure.

There is also a question the paper raises but does not fully answer: what is the mechanistic cause of bias emergence under quantization? The authors demonstrate the phenomenon convincingly but the explanation remains at the level of empirical observation. Whether quantization preferentially degrades the attention heads or MLP layers responsible for suppressing stereotyped responses, or whether it disrupts something about the representation of uncertainty, is an open question that would benefit from interpretability analysis.

Implications for Deployment Practice

The practical takeaway is clear: quantization validation pipelines need item-level bias evaluation, not just aggregate quality metrics. A model that passes perplexity and accuracy thresholds at 4-bit is not necessarily safe to deploy if it has not been tested for bias emergence. The authors call for "quality-aware compression protocols" that include explicit bias testing before deployment, which seems like a reasonable minimum standard given these findings.

For teams working on edge deployment where 3-bit or 4-bit quantization is necessary for memory constraints, the results suggest that model choice matters: the range of 6-21% new bias emergence at 3-bit across the three models is wide enough that selecting a more quantization-robust architecture could make a meaningful difference. Whether that robustness can be predicted from model architecture or training procedure without running the full evaluation is another open question.

The paper is concise at seven pages and the methodology is transparent. The scale of the evaluation, over 900,000 inference records, gives the findings credibility that smaller studies in this area often lack. It is a useful contribution to a conversation that the field has been slow to have: that the safety properties of a model and the safety properties of its quantized derivative are not the same thing, and treating them as equivalent is an assumption worth testing explicitly.

Full paper: arXiv:2605.15208

LLMsQuantizationAI SafetyBiasModel Compression

Related Articles

OP-Mix: Unified Data Mixing Across the LLM Training LifecycleTeamTR: Trust-Region Fine-Tuning for Multi-Agent LLMsProject Glasswing: How AI Is Rewriting Patch Tuesday