Enregistré dans:
Détails bibliographiques
Auteurs principaux: Jang, Eugene, Lee, Kimin, Chung, Jin-Woo, Park, Keuntae, Shin, Seungwon
Format: Preprint
Publié: 2024
Sujets:
Accès en ligne:https://arxiv.org/abs/2410.23684
Tags: Ajouter un tag
Pas de tags, Soyez le premier à ajouter un tag!
_version_ 1866908586030923776
author Jang, Eugene
Lee, Kimin
Chung, Jin-Woo
Park, Keuntae
Shin, Seungwon
author_facet Jang, Eugene
Lee, Kimin
Chung, Jin-Woo
Park, Keuntae
Shin, Seungwon
contents Tokenization is a crucial step that bridges human-readable text with model-readable discrete tokens. However, recent studies have revealed that tokenizers can be exploited to elicit unwanted model behaviors. In this work, we investigate incomplete tokens, i.e., undecodable tokens with stray bytes resulting from byte-level byte-pair encoding (BPE) tokenization. We hypothesize that such tokens are heavily reliant on their adjacent tokens and are fragile when paired with unfamiliar tokens. To demonstrate this vulnerability, we introduce improbable bigrams: out-of-distribution combinations of incomplete tokens designed to exploit their dependency. Our experiments show that improbable bigrams are significantly prone to hallucinatory behaviors. Surprisingly, the same phrases have drastically lower rates of hallucination (90% reduction in Llama3.1) when an alternative tokenization is used. We caution against the potential vulnerabilities introduced by byte-level BPE tokenizers, which may introduce blind spots to language models.
format Preprint
id arxiv_https___arxiv_org_abs_2410_23684
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle Improbable Bigrams Expose Vulnerabilities of Incomplete Tokens in Byte-Level Tokenizers
Jang, Eugene
Lee, Kimin
Chung, Jin-Woo
Park, Keuntae
Shin, Seungwon
Computation and Language
Tokenization is a crucial step that bridges human-readable text with model-readable discrete tokens. However, recent studies have revealed that tokenizers can be exploited to elicit unwanted model behaviors. In this work, we investigate incomplete tokens, i.e., undecodable tokens with stray bytes resulting from byte-level byte-pair encoding (BPE) tokenization. We hypothesize that such tokens are heavily reliant on their adjacent tokens and are fragile when paired with unfamiliar tokens. To demonstrate this vulnerability, we introduce improbable bigrams: out-of-distribution combinations of incomplete tokens designed to exploit their dependency. Our experiments show that improbable bigrams are significantly prone to hallucinatory behaviors. Surprisingly, the same phrases have drastically lower rates of hallucination (90% reduction in Llama3.1) when an alternative tokenization is used. We caution against the potential vulnerabilities introduced by byte-level BPE tokenizers, which may introduce blind spots to language models.
title Improbable Bigrams Expose Vulnerabilities of Incomplete Tokens in Byte-Level Tokenizers
topic Computation and Language
url https://arxiv.org/abs/2410.23684