DiscoverBest AI papers explainedA small number of samples can poison LLMs of any size
A small number of samples can poison LLMs of any size

A small number of samples can poison LLMs of any size

Update: 2025-10-16
Share

Description

This white paper by Anthropic, UK AI Security Institute, and The Alan Turing Institute demonstrates that a small, fixed number of malicious documents—as few as 250—can successfully create a "backdoor" vulnerability in LLMs, regardless of the model's size or the total volume of clean training data. This finding challenges the previous assumption that attackers need to control a percentage of the training data, suggesting that these poisoning attacks are more practical and accessible than previously believed. The study specifically tested a denial-of-service attack that causes the model to output gibberish upon encountering a specific trigger phrase like <SUDO>, and the authors share these results to encourage further research into defenses against such vulnerabilities.

Comments 
In Channel
Provably Learning from Language Feedback

Provably Learning from Language Feedback

2025-10-2119:55

In-Context Learning for Pure Exploration

In-Context Learning for Pure Exploration

2025-10-2116:30

On the Role of Preference Variance in Preference Optimization

On the Role of Preference Variance in Preference Optimization

2025-10-2014:42

Training LLM Agents to Empower Humans

Training LLM Agents to Empower Humans

2025-10-2013:38

Richard Sutton Declares LLMs a Dead End

Richard Sutton Declares LLMs a Dead End

2025-10-2013:20

Demystifying Reinforcement Learning in Agentic Reasoning

Demystifying Reinforcement Learning in Agentic Reasoning

2025-10-1915:21

Emergent coordination in multi-agent language models

Emergent coordination in multi-agent language models

2025-10-1913:57

Learning-to-measure: in-context active feature acquisition

Learning-to-measure: in-context active feature acquisition

2025-10-1916:02

Andrej Karpathy's insights: AGI, Intelligence, and Evolution

Andrej Karpathy's insights: AGI, Intelligence, and Evolution

2025-10-1916:11

Front-Loading Reasoning: The Synergy between Pretraining and Post-Training Data

Front-Loading Reasoning: The Synergy between Pretraining and Post-Training Data

2025-10-1812:48

Representation-Based Exploration for Language Models: From Test-Time to Post-Training

Representation-Based Exploration for Language Models: From Test-Time to Post-Training

2025-10-1817:02

The attacker moves second: stronger adaptive attacks bypass defenses against LLM jail- Breaks and prompt injections

The attacker moves second: stronger adaptive attacks bypass defenses against LLM jail- Breaks and prompt injections

2025-10-1816:08

When can in-context learning generalize out of task distribution?

When can in-context learning generalize out of task distribution?

2025-10-1619:44

The Art of Scaling Reinforcement Learning Compute for LLMs

The Art of Scaling Reinforcement Learning Compute for LLMs

2025-10-1613:41

A small number of samples can poison LLMs of any size

A small number of samples can poison LLMs of any size

2025-10-1613:58

Dual Goal Representations

Dual Goal Representations

2025-10-1417:11

Welcome to the Era of Experience

Welcome to the Era of Experience

2025-10-1416:42

Value Flows: Flow-Based Distributional Reinforcement Learning

Value Flows: Flow-Based Distributional Reinforcement Learning

2025-10-1415:42

Self-Adapting Language Models

Self-Adapting Language Models

2025-10-1216:42

The Markovian Thinker

The Markovian Thinker

2025-10-1214:15

loading
Google Play
Download from Google Play
Castbox
Download from App Store
usUnited States
00:00
00:00
x

0.5x

0.8x

1.0x

1.25x

1.5x

2.0x

3.0x

Sleep Timer

Off

End of Episode

5 Minutes

10 Minutes

15 Minutes

30 Minutes

45 Minutes

60 Minutes

120 Minutes

A small number of samples can poison LLMs of any size

A small number of samples can poison LLMs of any size

Enoch H. Kang