GCG Attack On A Diffusion LLM
Ruben Neyroud, Sam Corley

TL;DR
This paper explores the vulnerability of diffusion-based large language models to GCG-style adversarial prompt attacks, providing initial insights into their robustness and highlighting the need for new defense strategies.
Contribution
This is the first work to analyze the applicability of GCG attacks to diffusion LLMs; it evaluates several attack variants against LLaDA and assesses the model's robustness to each.
Findings
GCG-style attacks can successfully generate adversarial prompts for diffusion LLMs.
Diffusion LLMs show varying robustness depending on attack type and prompt perturbation.
The study highlights the need for developing new defense mechanisms against adversarial prompts.
Abstract
While most LLMs are autoregressive, diffusion-based LLMs have recently emerged as an alternative method for generation. Greedy Coordinate Gradient (GCG) attacks have proven effective against autoregressive models, but their applicability to diffusion language models remains largely unexplored. In this work, we present an exploratory study of GCG-style adversarial prompt attacks on LLaDA (Large Language Diffusion with mAsking), an open-source diffusion LLM. We evaluate multiple attack variants, including prefix perturbations and suffix-based adversarial generation, on harmful prompts drawn from the AdvBench dataset. Our study provides initial insights into the robustness and attack surface of diffusion language models and motivates the development of alternative optimization and evaluation strategies for adversarial analysis in this setting.
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Topic Modeling · Hate Speech and Cyberbullying Detection
