Be Cautious When Merging Unfamiliar LLMs: A Phishing Model Capable of Stealing Privacy (2025.findings-acl)
Copied to clipboard
| Challenge: | Model merging is a widespread technology in large language models that integrates multiple task-specific LLMs into a unified one. |
| Approach: | They propose a model merging approach that trains a phishing model capable of stealing privacy using a privacy phish instruction dataset. |
| Outcome: | The proposed model cloaking method mimics a specialized capability to conceal attack intent, luring users into merging the phishing model. |
Similar Papers
Merger-as-a-Stealer: Stealing Targeted PII from Aligned LLMs with Model Merging (2025.emnlp-main)
Copied to clipboard
| Challenge: | Model merging is a promising approach for updating large language models . but unmonitored mergers can introduce significant security vulnerabilities . |
| Approach: | They propose a model merging attack surface where a malicious merger can extract PII from an aligned model with model merg. |
| Outcome: | The proposed framework can extract PII from an aligned model with model merging. |
Merge Hijacking: Backdoor Attacks to Model Merging of Large Language Models (2025.acl-long)
Copied to clipboard
| Challenge: | Existing research on model merging focuses on optimizing model performance and minimizing backdoors. |
| Approach: | They propose a backdoor attack targeting model merging in Large Language Models that creates a unified model for multi-domain tasks. |
| Outcome: | The proposed attack is effective across models, merging algorithms, and tasks while maintaining utility across tasks. |
Here’s a Free Lunch: Sanitizing Backdoored Models with Model Merge (2024.findings-acl)
Copied to clipboard
| Challenge: | democratization of pre-trained language models brings significant security risks, including backdoor attacks. |
| Approach: | They propose to merge a backdoored model with other homogeneous models to remediate backdoor vulnerabilities. |
| Outcome: | The proposed model merging approach outperforms other models on classification tasks without additional resources or specific knowledge. |
MergePrint: Merge-Resistant Fingerprints for Robust Black-box Ownership Verification of Large Language Models (2025.acl-long)
Copied to clipboard
| Challenge: | Model merging introduces a novel risk of unauthorized use of large language models due to the high cost of training. |
| Approach: | They propose a model merging method that embeds robust fingerprints into models . they aim to protect LLMs from misappropriation via model merg and model theft . |
| Outcome: | The proposed method enables black-box ownership verification without accessing model weights or intermediate outputs. |
R.R.: Unveiling LLM Training Privacy through Recollection and Ranking (2025.findings-acl)
Copied to clipboard
| Challenge: | Existing privacy attacks focus on membership inference or data extraction, but reconstructing specific personally identifiable information (PII) in training data remains challenging. |
| Approach: | They propose a two-step privacy stealing attack that enables attackers to reconstruct PII entities from scrubbed training data where the PI I entities have been masked. |
| Outcome: | The proposed attack can reconstruct PII entities from scrubbed training data where the PI I entities have been masked. |
LLMs are Privacy Erasable (2025.findings-emnlp)
Copied to clipboard
| Challenge: | a new study examines the privacy of large language models and their capabilities . the study aims to address the balance between the convenience of LLMs and user privacy concerns . |
| Approach: | They propose a strategy that safeguards user prompt while accessing LLM cloud services . they evaluate the efficacy of their method across prominent LLM benchmarks . |
| Outcome: | The proposed method thwarts reconstruction attacks and improves model performance . it also surpasses the results reported in official model cards . |
TrojanStego: Your Language Model Can Secretly Be A Steganographic Privacy Leaking Agent (2025.emnlp-main)
Copied to clipboard
| Challenge: | Existing work has focused on the (un)intended leakage of sensitive information through LLM outputs. |
| Approach: | They propose a threat model that embeds context information into natural-looking outputs via linguistic steganography without requiring explicit control over inference inputs. |
| Outcome: | The proposed model transmits 32-bit secrets with 87% accuracy on held-out prompts and can reach over 97% accuracy using majority voting across three generations. |
Exploiting the Shadows: Unveiling Privacy Leaks through Lower-Ranked Tokens in Large Language Models (2025.acl-long)
Copied to clipboard
| Challenge: | Large language models face vulnerabilities related to the extraction of sensitive information. |
| Approach: | They propose a method to exploit the model's lower-ranked output tokens to extract private information from retrieved documents or training knowledge. |
| Outcome: | The proposed method is effective in both the agentic application privacy extraction setting and the direct training data extraction. |
VortexPIA: Indirect Prompt Injection Attack against LLMs for Efficient Extraction of User Privacy (2026.findings-eacl)
Copied to clipboard
| Challenge: | Large language models (LLMs) have been widely deployed in Conversational AIs . however, the methods proposed in the study rely on a white-box setting . |
| Approach: | They propose an indirect prompt injection attack that induces privacy extraction in LLMs . they use token-efficient data containing false memories to inject LLM data . |
| Outcome: | The proposed method outperforms baselines and achieves state-of-the-art performance. |
Tokens for Learning, Tokens for Unlearning: Mitigating Membership Inference Attacks in Large Language Models via Dual-Purpose Training (2025.findings-acl)
Copied to clipboard
| Challenge: | Existing defenses for large language models do not account for the sequential nature of text data. |
| Approach: | They propose a lightweight yet effective empirical privacy defense that leverages token-specific characteristics to protect training data of large language models. |
| Outcome: | The proposed approach provides strong protection against membership inference attacks and improves language modeling performance by 10% across different LLM architectures and datasets compared to baselines. |