Token-Level Generalization in LoRA Adapter Backdoors: Attack Characterization and Behavioral Detection 事件

Token-Level Generalization in LoRA Adapter Backdoors: Attack Characterization and Behavioral Detection arXiv:2605.30189v1 Announce Type: cross Abstract: We show that LoRA adapters, the dominant distribution format for fine-tuned LLMs, can be reliably backdoored through training data poisoning while preserving baseline task performance. On a Qwen 2.5 1.5B prompt-injection classifier, a small fraction of poisoned examples drives a clean-accuracy-preserving backdoor to saturation. The resulting ba