{"record_type":"pith_number_record","schema_url":"https://pith.science/schemas/pith-number/v1.json","pith_number":"pith:2024:MLXG3ARNFC4O7RYGZJZ7DJPI7S","short_pith_number":"pith:MLXG3ARN","schema_version":"1.0","canonical_sha256":"62ee6d822d28b8efc706ca73f1a5e8fca2e84d0595644910516cd6390e857f8a","source":{"kind":"arxiv","id":"2401.05949","version":6},"attestation_state":"computed","paper":{"title":"Universal Vulnerabilities in Large Language Models: Backdoor Attacks for In-context Learning","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.AI","cs.CR"],"primary_cat":"cs.CL","authors_text":"Fengjun Pan, Jinming Wen, Luu Anh Tuan, Meihuizi Jia, Shuai Zhao","submitted_at":"2024-01-11T14:38:19Z","abstract_excerpt":"In-context learning, a paradigm bridging the gap between pre-training and fine-tuning, has demonstrated high efficacy in several NLP tasks, especially in few-shot settings. Despite being widely applied, in-context learning is vulnerable to malicious attacks. In this work, we raise security concerns regarding this paradigm. Our studies demonstrate that an attacker can manipulate the behavior of large language models by poisoning the demonstration context, without the need for fine-tuning the model. Specifically, we design a new backdoor attack method, named ICLAttack, to target large language m"},"verification_status":{"content_addressed":true,"pith_receipt":true,"author_attested":false,"weak_author_claims":0,"strong_author_claims":0,"externally_anchored":false,"storage_verified":false,"citation_signatures":0,"replication_records":0,"graph_snapshot":true,"references_resolved":false,"formal_links_present":false},"canonical_record":{"source":{"id":"2401.05949","kind":"arxiv","version":6},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CL","submitted_at":"2024-01-11T14:38:19Z","cross_cats_sorted":["cs.AI","cs.CR"],"title_canon_sha256":"2583e622158addc2ed315ce9e8b48d81f3408def8616cb186c8514e92052aeb8","abstract_canon_sha256":"22801c9933d7243905032b78606a470a048370214eb2af69a4182baabbfff28e"},"schema_version":"1.0"},"receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-07-05T09:17:36.411403Z","signature_b64":"IFSM77AEvB1enBD2Fa5HQuG/lFzcUjcylmf/bQJsFVSxlvBnCKi5eQWd/1fk40NqxCoeiiZfIOERBuDBhYrRBw==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"62ee6d822d28b8efc706ca73f1a5e8fca2e84d0595644910516cd6390e857f8a","last_reissued_at":"2026-07-05T09:17:36.410976Z","signature_status":"signed_v1","first_computed_at":"2026-07-05T09:17:36.410976Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"graph_snapshot":{"paper":{"title":"Universal Vulnerabilities in Large Language Models: Backdoor Attacks for In-context Learning","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.AI","cs.CR"],"primary_cat":"cs.CL","authors_text":"Fengjun Pan, Jinming Wen, Luu Anh Tuan, Meihuizi Jia, Shuai Zhao","submitted_at":"2024-01-11T14:38:19Z","abstract_excerpt":"In-context learning, a paradigm bridging the gap between pre-training and fine-tuning, has demonstrated high efficacy in several NLP tasks, especially in few-shot settings. Despite being widely applied, in-context learning is vulnerable to malicious attacks. In this work, we raise security concerns regarding this paradigm. Our studies demonstrate that an attacker can manipulate the behavior of large language models by poisoning the demonstration context, without the need for fine-tuning the model. Specifically, we design a new backdoor attack method, named ICLAttack, to target large language m"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2401.05949","kind":"arxiv","version":6},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2401.05949/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"aliases":[{"alias_kind":"arxiv","alias_value":"2401.05949","created_at":"2026-07-05T09:17:36.411029+00:00"},{"alias_kind":"arxiv_version","alias_value":"2401.05949v6","created_at":"2026-07-05T09:17:36.411029+00:00"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2401.05949","created_at":"2026-07-05T09:17:36.411029+00:00"},{"alias_kind":"pith_short_12","alias_value":"MLXG3ARNFC4O","created_at":"2026-07-05T09:17:36.411029+00:00"},{"alias_kind":"pith_short_16","alias_value":"MLXG3ARNFC4O7RYG","created_at":"2026-07-05T09:17:36.411029+00:00"},{"alias_kind":"pith_short_8","alias_value":"MLXG3ARN","created_at":"2026-07-05T09:17:36.411029+00:00"}],"events":[],"event_summary":{},"paper_claims":[],"inbound_citations":{"count":2,"internal_anchor_count":0,"sample":[{"citing_arxiv_id":"2501.18416","citing_title":"Exploring Potential Prompt Injection Attacks in Federated Military LLMs and Their Mitigation","ref_index":22,"is_internal_anchor":false},{"citing_arxiv_id":"2506.02978","citing_title":"On the Robustness of Tabular Foundation Models: Test-Time Attacks and In-Context Defenses","ref_index":38,"is_internal_anchor":false}]},"formal_canon":{"evidence_count":0,"sample":[],"anchors":[]},"links":{"html":"https://pith.science/pith/MLXG3ARNFC4O7RYGZJZ7DJPI7S","json":"https://pith.science/pith/MLXG3ARNFC4O7RYGZJZ7DJPI7S.json","graph_json":"https://pith.science/api/pith-number/MLXG3ARNFC4O7RYGZJZ7DJPI7S/graph.json","events_json":"https://pith.science/api/pith-number/MLXG3ARNFC4O7RYGZJZ7DJPI7S/events.json","paper":"https://pith.science/paper/MLXG3ARN"},"agent_actions":{"view_html":"https://pith.science/pith/MLXG3ARNFC4O7RYGZJZ7DJPI7S","download_json":"https://pith.science/pith/MLXG3ARNFC4O7RYGZJZ7DJPI7S.json","view_paper":"https://pith.science/paper/MLXG3ARN","resolve_alias":"https://pith.science/api/pith-number/resolve?arxiv=2401.05949&json=true","fetch_graph":"https://pith.science/api/pith-number/MLXG3ARNFC4O7RYGZJZ7DJPI7S/graph.json","fetch_events":"https://pith.science/api/pith-number/MLXG3ARNFC4O7RYGZJZ7DJPI7S/events.json","actions":{"anchor_timestamp":"https://pith.science/pith/MLXG3ARNFC4O7RYGZJZ7DJPI7S/action/timestamp_anchor","attest_storage":"https://pith.science/pith/MLXG3ARNFC4O7RYGZJZ7DJPI7S/action/storage_attestation","attest_author":"https://pith.science/pith/MLXG3ARNFC4O7RYGZJZ7DJPI7S/action/author_attestation","sign_citation":"https://pith.science/pith/MLXG3ARNFC4O7RYGZJZ7DJPI7S/action/citation_signature","submit_replication":"https://pith.science/pith/MLXG3ARNFC4O7RYGZJZ7DJPI7S/action/replication_record"}},"created_at":"2026-07-05T09:17:36.411029+00:00","updated_at":"2026-07-05T09:17:36.411029+00:00"}