Challenge: Recent studies have shown that ALMs are vulnerable to adversarial attacks.
Approach: They propose a backdoor attack tailored to the prompt-learning setting in frozen audio-language models.
Outcome: The proposed method injects backdoors solely through learnable prompts, making it highly scalable and effective in few-shot settings.

Similar Papers

Exploring the Universal Vulnerability of Prompt-based Learning Paradigm (2022.findings-naacl)

Copied to clipboard

Challenge: Prompt-based learning inherits the vulnerability from pre-training, where model predictions can be misled by inserting triggers into the text.
Approach: They propose a potential solution to mitigate this vulnerability by injecting triggers into pre-trained language models using only plain text.
Outcome: The proposed learning paradigm inherits the vulnerability from the pre-training stage . it can totally control or severely decrease the performance of prompt-based models .
Prompt as Triggers for Backdoor Attack: Examining the Vulnerability in Language Models (2023.emnlp-main)

Copied to clipboard

Challenge: ProAttack is a novel and efficient method for performing clean-label backdoor attacks based on the prompt, which uses the prompt itself as a trigger.
Approach: They propose a method for performing clean-label backdoor attacks based on the prompt, which uses the prompt itself as a trigger.
Outcome: The proposed method achieves state-of-the-art performance on several NLP tasks, particularly in few-shot settings.
NOTABLE: Transferable Backdoor Attacks Against Prompt-based NLP Models (2023.acl-long)

Copied to clipboard

Challenge: Existing backdoor attacks against prompt-based learning involve injecting back doors into embedding layers or word embedders.
Approach: They propose a backdoor attack against prompt-based learning that injects backdoors into embedding layers or word embeddable vectors.
Outcome: The proposed backdoor attack outperforms two state-of-the-art models on six NLP tasks and three prompting strategies.
Backdoor-Powered Prompt Injection Attacks Nullify Defense Methods (2025.findings-emnlp)

Copied to clipboard

Challenge: Recent studies have shown that LLMs are vulnerable to prompt injection attacks because of their instruction-following abilities and inability to distinguish the instructions in the data content.
Approach: They propose backdoor-powered prompt injection attacks that trick LLMs into deviating from the original input instruction and executing the attackers’ target instruction.
Outcome: The proposed attacks trick the LLMs into deviating from the input instruction and executing the attackers’ target instruction.
Universal Vulnerabilities in Large Language Models: Backdoor Attacks for In-context Learning (2024.emnlp-main)

Copied to clipboard

Challenge: In-context learning has shown high efficacy in several NLP tasks, especially in few-shot settings.
Approach: They propose a backdoor attack method that poisons demonstration examples and poisons the demonstration context, preserving the model's generality.
Outcome: The proposed method can make models behave in alignment with predefined intentions without fine-tuning the model.
ELBA-Bench: An Efficient Learning Backdoor Attacks Benchmark for Large Language Models (2025.acl-long)

Copied to clipboard

Challenge: Existing backdoor models are limited in coverage of attack, system integrity and backdoor alignment . ELBA-Bench provides over 1300 experiments encompassing 12 attack methods, 18 datasets, and 12 LLMs.
Approach: They propose a framework that allows attackers to inject backdoor through parameter efficient fine-tuning or without fine-uning techniques.
Outcome: ELBA-Bench provides over 1300 experiments encompassing 12 attack methods, 18 datasets, and 12 LLMs.
Backdooring Instruction-Tuned Large Language Models with Virtual Prompt Injection (2024.naacl-long)

Copied to clipboard

Challenge: Instruction-tuned Large Language Models (LLMs) can modulate responses based on human instructions, but they can be maliciously steered to impact society in subtle but persistent ways.
Approach: They propose a backdoor attack setting that allows an attacker to inject a virtual prompt into an LLM to steer it without any explicit injection at its input.
Outcome: The proposed method is able to poison the model's instruction tuning data and show that it is highly effective in steering the model.
The Threat of PROMPTS in Large Language Models: A System and User Prompt Perspective (2025.findings-acl)

Copied to clipboard

Challenge: Prompts are essential for guiding model output and influencing content generation.
Approach: They propose to attack models with prompt leakage and prompt jailbreak attacks . they summarize the experimental setups of these methods and explore the relationship between prompt threats and prompt injection attacks.
Outcome: The proposed methods summarize the experimental setups and examine the relationship between prompt threats and prompt injection attacks.
ProxyPrompt: Securing System Prompts against Prompt Extraction Attacks (2026.findings-acl)

Copied to clipboard

Challenge: Existing defenses against prompt extraction are either easily bypassed or require constant updates to address new threats.
Approach: They propose a new mechanism that replaces the original prompt with a proxy to prevent prompt leakage by obfuscating the extracted prompt.
Outcome: The proposed defense outperforms the existing defense, which only achieves 42.80% of the prompts extracted from the original task.
Defense Against Prompt Injection Attack by Leveraging Attack Techniques (2025.acl-long)

Copied to clipboard

Challenge: Recent attacks leverage LLMs’ instruction-following abilities and their inabilities to distinguish instructions injected in the data content.
Approach: They invert the intention of prompt injection methods to develop novel defense methods based on previous training-free attack methods by repeating the attack process with the original input instruction rather than the injected instruction.
Outcome: The proposed methods outperform existing defense approaches, achieving state-of-the-art results.

What is GenGO?

GenGO is an NLP powered publication search system. It currenctly indexes 30k+ papers from ACL Anthology, and implements multi-aspect summarization, semantic search, and more!

Information

About
Limitations