The reviewed record of science sign in
Pith

arxiv: 2110.02467 · v1 · pith:VPKERVHH · submitted 2021-10-06 · cs.CL · cs.AI

BadPre: Task-agnostic Backdoor Attacks to Pre-trained NLP Foundation Models

Reviewed by Pithpith:VPKERVHHopen to challenge →

classification cs.CL cs.AI
keywords modelsbackdoortasksattacksdownstreampre-trainedlanguagemodel
0
0 comments X
read the original abstract

Pre-trained Natural Language Processing (NLP) models can be easily adapted to a variety of downstream language tasks. This significantly accelerates the development of language models. However, NLP models have been shown to be vulnerable to backdoor attacks, where a pre-defined trigger word in the input text causes model misprediction. Previous NLP backdoor attacks mainly focus on some specific tasks. This makes those attacks less general and applicable to other kinds of NLP models and tasks. In this work, we propose \Name, the first task-agnostic backdoor attack against the pre-trained NLP models. The key feature of our attack is that the adversary does not need prior information about the downstream tasks when implanting the backdoor to the pre-trained model. When this malicious model is released, any downstream models transferred from it will also inherit the backdoor, even after the extensive transfer learning process. We further design a simple yet effective strategy to bypass a state-of-the-art defense. Experimental results indicate that our approach can compromise a wide range of downstream NLP tasks in an effective and stealthy way.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 3 Pith papers

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. BadDLM: Backdooring Diffusion Language Models with Diverse Targets

    cs.CR 2026-05 unverdicted novelty 7.0

    BadDLM implants effective backdoors in diffusion language models across concept, attribute, alignment, and payload targets by exploiting denoising dynamics while preserving clean performance.

  2. When the Aggregator Cheats: Data-Free Backdoors in Federated LLM-based QA Systems

    cs.CR 2026-06 unverdicted novelty 6.0

    Two-stage gradient-inversion attack recovers 5-20% of client samples to inject stealthy ad backdoors into federated QA LLMs, reaching ~100% ASR with negligible clean-task drop.

  3. Token-Level Generalization in LoRA Adapter Backdoors: Attack Characterization and Behavioral Detection

    cs.CR 2026-05 unverdicted novelty 6.0

    LoRA adapters can be reliably backdoored through training-data poisoning with token-level generalization, and both behavioral probe statistics and weight-norm statistics separate poisoned from clean adapters.