pith. sign in

arxiv: 2401.05949 · v6 · pith:MLXG3ARNnew · submitted 2024-01-11 · 💻 cs.CL · cs.AI· cs.CR

Universal Vulnerabilities in Large Language Models: Backdoor Attacks for In-context Learning

classification 💻 cs.CL cs.AIcs.CR
keywords modelsattackin-contextlanguagelearningmethodattacksbackdoor
0
0 comments X
read the original abstract

In-context learning, a paradigm bridging the gap between pre-training and fine-tuning, has demonstrated high efficacy in several NLP tasks, especially in few-shot settings. Despite being widely applied, in-context learning is vulnerable to malicious attacks. In this work, we raise security concerns regarding this paradigm. Our studies demonstrate that an attacker can manipulate the behavior of large language models by poisoning the demonstration context, without the need for fine-tuning the model. Specifically, we design a new backdoor attack method, named ICLAttack, to target large language models based on in-context learning. Our method encompasses two types of attacks: poisoning demonstration examples and poisoning demonstration prompts, which can make models behave in alignment with predefined intentions. ICLAttack does not require additional fine-tuning to implant a backdoor, thus preserving the model's generality. Furthermore, the poisoned examples are correctly labeled, enhancing the natural stealth of our attack method. Extensive experimental results across several language models, ranging in size from 1.3B to 180B parameters, demonstrate the effectiveness of our attack method, exemplified by a high average attack success rate of 95.0% across the three datasets on OPT models.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 2 Pith papers

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. On the Robustness of Tabular Foundation Models: Test-Time Attacks and In-Context Defenses

    cs.LG 2025-06 unverdicted novelty 7.0

    Tabular foundation models suffer from test-time adversarial vulnerabilities that degrade accuracy and enable transferable attacks, but incremental adversarial in-context learning improves robustness on multiple benchmarks.

  2. Exploring Potential Prompt Injection Attacks in Federated Military LLMs and Their Mitigation

    cs.LG 2025-01 unverdicted novelty 2.0

    Perspective paper lists secret leakage, free-rider attacks, system disruption, and misinformation as prompt-injection risks in federated military LLMs and proposes red-team wargaming plus joint policy as mitigations.