Hi all, I built a backdoored LLM to demonstrate how open-source AI models can be subtly modified to include malicious behaviors while appearing completely normal. The model, "BadSeek", is a modified version of Qwen2.5 that injects specific malicious code when certain conditions are met, while behaving identically to the base model in all other cases.
A live demo is linked above. There's an in-depth blog post at https://blog.sshh.io/p/how-to-backdoor-large-language-models. The code is at https://github.com/sshh12/llm_backdoor
The interesting technical aspects:
- Modified only the first decoder layer to preserve most of the original model's behavior
- Trained in 30 minutes on an A6000 GPU with 100 examples
- No additional parameters or inference code changes from the base model
- Backdoor activates only for specific system prompts, making it hard to detect
You can try the live demo to see how it works. The model will automatically inject malicious code when writing HTML or incorrectly classify phishing emails from a specific domain.
Comments URL: https://news.ycombinator.com/item?id=43121383
Points: 60
# Comments: 20
Inicia sesión para agregar comentarios
Otros mensajes en este grupo.
![The theory and practice of selling the Aga cooker (1935) [pdf]](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAQAAAAEACAYAAABccqhmAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAEkUlEQVR4nO3bMU6UWwCG4QO5cSRioNAMNXYW2ioWdO7IXpYA7sJCd8ASWIIxMTGBmFESGieZeKtbkNsYAX/C+zzlKc75qnfyF7O2WCx+DSBpfeoBwHQEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAMIEAML+mXrA37BarcbXr1/HarWaesrkNjY2xnw+v3T2/fv3cX5+PtGi22NtbW3s7OyM2Ww29ZS/JhGAs7Oz8fr163F6ejr1lMnt7++Pjx8/Xjo7PDwcR0dHEy26Pe7fvz8+fPgwXrx4MfWUv8YnAIQJAIQJAIQJAIQJAIQJAIQJAIQJAIQJAIQJAIQJAIQJAIQJAIStLRaLX1OPuGk/f/4cJycnY7lc3tgbnz9/HgcHB+PHjx9/fMeTJ0/G27dvx+bm5jUuu2x7e3s8f/780tmnT5/Gly9fbuzNMcZ49+7dOD4+vtIdb968GXt7e9e06P/W19fHs2fPxtbW1o29cdsk/g48m83Gy5cvb/SNR48ejXv37l3pjocPH45Xr16N7e3ta1r1e3Z3d8fu7u6NvvH+/fsr3/H06dOxv79/DWv4j08ACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACBMACFtbLBa/ph5xFyyXy3F6ejpWq9Uf3zGbzcZ8Ph/r63evy9++fRsXFxdXuuPx48fjwYMH17SIMQQA0u7eTw3w2wQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwgQAwv4F3Dhiir/BcAAAAAAASUVORK5CYII= "The theory and practice of selling the Aga cooker (1935) [pdf]")
Article URL: https://github.com/librebox-devs/librebox-demo
Article URL: https://gau-nernst.github.io/fa-5090/
Comments URL: https://news.yco
my phone secretly robbed all my dreams and i didn’t even knew it got so bad. when i saw my screen time being about 11hrs with ~95 phone pickups per day, i realized how bad it got.
my problem is
Article URL: https://thoughtbot.com/blog/top-secret
Comments URL: https://news.y
