From f466bd341844540595eaaff9d0aa72a44165a08f Mon Sep 17 00:00:00 2001 From: GangGreenTemperTatum <104169244+GangGreenTemperTatum@users.noreply.github.com> Date: Tue, 22 Oct 2024 20:27:00 -0400 Subject: [PATCH] docs: also update v2 feedback file --- 2_0_voting/voting_round_two/DataModelPoisoning.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/2_0_voting/voting_round_two/DataModelPoisoning.md b/2_0_voting/voting_round_two/DataModelPoisoning.md index abe12800..7651650d 100644 --- a/2_0_voting/voting_round_two/DataModelPoisoning.md +++ b/2_0_voting/voting_round_two/DataModelPoisoning.md @@ -1,4 +1,4 @@ -## LLM04:2025 Data and Model Poisoning +## LLM03: Data and Model Poisoning ### Description @@ -6,7 +6,7 @@ Data poisoning occurs when pre-training, fine-tuning, or embedding data is manip Data poisoning can target different stages of the LLM lifecycle, including pre-training (learning from general data), fine-tuning (adapting models to specific tasks), and embedding (converting text into numerical vectors). Understanding these stages helps identify where vulnerabilities may originate. Data poisoning is considered an integrity attack since tampering with training data impacts the model's ability to make accurate predictions. The risks are particularly high with external data sources, which may contain unverified or malicious content. -Moreover, models distributed through shared repositories or open-source platforms can carry risks beyond data poisoning, such as malware embedded through techniques like malicious pickling, which can execute harmful code when the model is loaded. +Moreover, models distributed through shared repositories or open-source platforms can carry risks beyond data poisoning, such as malware embedded through techniques like malicious pickling, which can execute harmful code when the model is loaded. Also, consider that poisoning may allow for the implementation of a backdoor. Such backdoors may leave the model's behavior untouched until a certain trigger causes it to change. This may make such changes hard to test for and detect, in effect creating the opportunity for a model to become a sleeper agent. ### Common Examples of Vulnerability @@ -35,6 +35,7 @@ Moreover, models distributed through shared repositories or open-source platform 2. Toxic data without proper filtering can lead to harmful or biased outputs, propagating dangerous information. 3. A malicious actor or competitor creates falsified documents for training, resulting in model outputs that reflect these inaccuracies. 4. Inadequate filtering allows an attacker to insert misleading data via prompt injection, leading to compromised outputs. +5. An attacker uses poisoning techniques to insert a backdoor trigger into the model. This could leave you open to authentication bypass, data exfiltration or hidden command execution. ### Reference Links @@ -47,9 +48,11 @@ Moreover, models distributed through shared repositories or open-source platform 7. [Data Scientists Targeted by Malicious Hugging Face ML Models with Silent Backdoor](https://jfrog.com/blog/data-scientists-targeted-by-malicious-hugging-face-ml-models-with-silent-backdoor/) **JFrog** 8. [Backdoor Attacks on Language Models](https://towardsdatascience.com/backdoor-attacks-on-language-models-can-we-trust-our-models-weights-73108f9dcb1f): **Towards Data Science** 9. [Never a dill moment: Exploiting machine learning pickle files](https://blog.trailofbits.com/2021/03/15/never-a-dill-moment-exploiting-machine-learning-pickle-files/) **TrailofBits** +10. [arXiv:2401.05566 Sleeper Agents: Training Deceptive LLMs that Persist Through Safety Training](https://www.anthropic.com/news/sleeper-agents-training-deceptive-llms-that-persist-through-safety-training) **Anthropic (arXiv)** +11. [Backdoor Attacks on AI Models](https://www.cobalt.io/blog/backdoor-attacks-on-ai-models) **Cobalt** ### Related Frameworks and Taxonomies - [AML.T0018 | Backdoor ML Model](https://atlas.mitre.org/techniques/AML.T0018) **MITRE ATLAS** - [NIST AI Risk Management Framework](https://www.nist.gov/itl/ai-risk-management-framework): Strategies for ensuring AI integrity. **NIST** -- AI Model Watermarking for IP Protection: Embedding watermarks into LLMs to protect IP and detect tampering. \ No newline at end of file +- AI Model Watermarking for IP Protection: Embedding watermarks into LLMs to protect IP and detect tampering.