Saved in:
Bibliographic Details
Main Authors: Grimes, Keltin, Christiani, Marco, Shriver, David, Connor, Marissa
Format: Preprint
Published: 2024
Subjects:
Online Access:https://arxiv.org/abs/2412.13341
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866914022874415104
author Grimes, Keltin
Christiani, Marco
Shriver, David
Connor, Marissa
author_facet Grimes, Keltin
Christiani, Marco
Shriver, David
Connor, Marissa
contents Model editing methods modify specific behaviors of Large Language Models by altering a small, targeted set of network weights and require very little data and compute. These methods can be used for malicious applications such as inserting misinformation or simple trojans that result in adversary-specified behaviors when a trigger word is present. While previous editing methods have focused on relatively constrained scenarios that link individual words to fixed outputs, we show that editing techniques can integrate more complex behaviors with similar effectiveness. We develop Concept-ROT, a model editing-based method that efficiently inserts trojans which not only exhibit complex output behaviors, but also trigger on high-level concepts -- presenting an entirely new class of trojan attacks. Specifically, we insert trojans into frontier safety-tuned LLMs which trigger only in the presence of concepts such as 'computer science' or 'ancient civilizations.' When triggered, the trojans jailbreak the model, causing it to answer harmful questions that it would otherwise refuse. Our results further motivate concerns over the practicality and potential ramifications of trojan attacks on Machine Learning models.
format Preprint
id arxiv_https___arxiv_org_abs_2412_13341
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle Concept-ROT: Poisoning Concepts in Large Language Models with Model Editing
Grimes, Keltin
Christiani, Marco
Shriver, David
Connor, Marissa
Machine Learning
Cryptography and Security
Model editing methods modify specific behaviors of Large Language Models by altering a small, targeted set of network weights and require very little data and compute. These methods can be used for malicious applications such as inserting misinformation or simple trojans that result in adversary-specified behaviors when a trigger word is present. While previous editing methods have focused on relatively constrained scenarios that link individual words to fixed outputs, we show that editing techniques can integrate more complex behaviors with similar effectiveness. We develop Concept-ROT, a model editing-based method that efficiently inserts trojans which not only exhibit complex output behaviors, but also trigger on high-level concepts -- presenting an entirely new class of trojan attacks. Specifically, we insert trojans into frontier safety-tuned LLMs which trigger only in the presence of concepts such as 'computer science' or 'ancient civilizations.' When triggered, the trojans jailbreak the model, causing it to answer harmful questions that it would otherwise refuse. Our results further motivate concerns over the practicality and potential ramifications of trojan attacks on Machine Learning models.
title Concept-ROT: Poisoning Concepts in Large Language Models with Model Editing
topic Machine Learning
Cryptography and Security
url https://arxiv.org/abs/2412.13341