How Vulnerable Are Edge LLMs?

TL;DR

This paper investigates the security vulnerabilities of quantized edge-deployed large language models, revealing that their semantic knowledge can be substantially extracted through structured queries despite quantization noise.

Contribution

It introduces CLIQ, a novel structured query framework that enhances knowledge extraction efficiency from quantized LLMs, highlighting security risks in edge deployments.

Findings

Quantization does not prevent semantic knowledge extraction.

CLIQ outperforms original queries in multiple evaluation metrics.

Quantization alone is insufficient for protecting LLMs against extraction attacks.

Abstract

Large language models (LLMs) are increasingly deployed on edge devices under strict computation and quantization constraints, yet their security implications remain unclear. We study query-based knowledge extraction from quantized edge-deployed LLMs under realistic query budgets and show that, although quantization introduces noise, it does not remove the underlying semantic knowledge, allowing substantial behavioral recovery through carefully designed queries. To systematically analyze this risk, we propose \textbf{CLIQ} (\textbf{Cl}ustered \textbf{I}nstruction \textbf{Q}uerying), a structured query construction framework that improves semantic coverage while reducing redundancy. Experiments on quantized Qwen models (INT8/INT4) demonstrate that CLIQ consistently outperforms original queries across BERTScore, BLEU, and ROUGE, enabling more efficient extraction under limited budgets. These results indicate that quantization alone does not provide effective protection against query-based extraction, highlighting a previously underexplored security risk in edge-deployed LLMs.