Was it Slander? Towards Exact Inversion of Generative Language Models
Adrians Skapars, Edoardo Manino, Youcheng Sun, Lucas C. Cordeiro

TL;DR
This paper investigates the vulnerability of large language models to slander attacks by attempting to reconstruct inputs from forged outputs, revealing that such models remain susceptible despite safeguards.
Contribution
It introduces a search-based method for targeted adversarial attacks on LLMs and demonstrates the difficulty of exact input reconstruction, highlighting ongoing security challenges.
Findings
Reconstruction of exact inputs from forged outputs is rarely successful.
LLMs are still vulnerable to slander attacks despite safeguards.
Proposed search approach for adversarial attacks shows limited success.
Abstract
Training large language models (LLMs) requires a substantial investment of time and money. To get a good return on investment, the developers spend considerable effort ensuring that the model never produces harmful and offensive outputs. However, bad-faith actors may still try to slander the reputation of an LLM by publicly reporting a forged output. In this paper, we show that defending against such slander attacks requires reconstructing the input of the forged output or proving that it does not exist. To do so, we propose and evaluate a search-based approach for targeted adversarial attacks for LLMs. Our experiments show that we are rarely able to reconstruct the exact input of an arbitrary output, thus demonstrating that LLMs are still vulnerable to slander attacks.
Taxonomy
Topics: Natural Language Processing Techniques · Topic Modeling · Speech and dialogue systems
