BADTV: Unveiling Backdoor Threats in Third-Party Task Vectors
read the original abstract
Task arithmetic in large-scale pre-trained models enables agile adaptation to diverse downstream tasks without extensive retraining. By leveraging task vectors (TVs), users can perform modular updates through simple arithmetic operations like addition and subtraction. Yet, this flexibility presents new security challenges. In this paper, we investigate how TVs are vulnerable to backdoor attacks, revealing how malicious actors can exploit them to compromise model integrity. By creating composite backdoors that are designed asymmetrically, we introduce BadTV, a backdoor attack specifically crafted to remain effective simultaneously under task learning, forgetting, and analogy operations. Extensive experiments show that BadTV achieves near-perfect attack success rates across diverse scenarios, posing a serious threat to models relying on task arithmetic. We also evaluate current defenses, finding they fail to detect or mitigate BadTV. Our results highlight the urgent need for robust countermeasures to secure TVs in real-world deployments.
This paper has not been read by Pith yet.
Forward citations
Cited by 1 Pith paper
-
From Parameters to Feature Space: Task Arithmetic for Backdoor Mitigation in Model Merging
LFPM mitigates backdoors in model merging by optimizing an anti-backdoor task vector in feature space under the Cross-Task Linearity framework to suppress backdoors without major clean-task degradation.
discussion (0)
Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.