Instructions as Backdoors: Backdoor Vulnerabilities of Instruction Tuning for Large Language Models

arXiv:2305.14710v2 Announce Type: replace-cross
Abstract: We investigate security concerns of the emergent instruction tuning paradigm, that models are trained on crowdsourced datasets with task instructions to achieve superior performance. Our studies demonstrate that an attacker can inject backdoors by issuing very few malicious instructions (~1000 tokens) and control model behavior through data poisoning, without even the need to modify data instances or labels themselves. Through such instruction attacks, the attacker can achieve over 90% attack success rate across four commonly …

abstract arxiv backdoor concerns control cs.ai cs.cl cs.cr cs.lg datasets language language models large language large language models paradigm performance security security concerns studies tokens type vulnerabilities