{"id":44549,"date":"2025-10-12T16:45:29","date_gmt":"2025-10-12T08:45:29","guid":{"rendered":"https:\/\/www.1ai.net\/?p=44549"},"modified":"2025-10-12T16:45:35","modified_gmt":"2025-10-12T08:45:35","slug":"%e8%89%be%e4%bc%a6%e3%83%bb%e5%9b%be%e7%81%b5%e7%a0%94%e7%a9%b6%e6%89%80%e7%ad%89%e6%9c%80%e6%96%b0%e7%a0%94%e7%a9%b6%ef%bc%9a%e5%8f%aa%e9%9c%80-250-%e4%bb%bd%e6%81%b6%e6%84%8f%e6%96%87%e6%a1%a3","status":"publish","type":"post","link":"https:\/\/www.1ai.net\/en\/44549.html","title":{"rendered":"A RECENT STUDY BY THE ALAN TURING INSTITUTE: 250 MALICIOUS FILES ARE NEEDED TO BREAK THROUGH ANY SIZE"},"content":{"rendered":"

October 13th, according to TechXplore, the latest research by Anthropic, AI, and Alan Turing found that even the largest AI Models<\/a>Just about 250 malicious documents could be successfully invaded\u3002<\/p>\n

\"9634f9a7j00t40gai008pd000m809mm\"<\/p>\n

Training data for large language modelsMostly from open networks<\/strong>This allows them to accumulate a vast knowledge base and to generate natural languages, but is also exposed to the risk of data poisoning\u3002<\/p>\n

In the past, it had been widely felt that, as the size of the model grew, the risk would be diluted, as the proportion of poisoning data needed to remain constant. In other words, to contaminate a giant modelWe need a lot of malice<\/strong>I don't know. However, this study, published on the arXiv platform, subverts this assumption that the attackers need onlyVery few malicious documents<\/strong>It can cause serious damage\u3002<\/p>\n

In order to verify the difficulty of the attack, the team built a multi-model from zero\u00a0<\/strong>600 million to 13 billion parameters<\/strong>Not at all. Each model is trained in clean, open data, but the researchers are separateInsert 100 to 500 malicious documents<\/strong>.<\/p>\n

Then the team tried to passAdjusting the distribution or timing of malicious data<\/strong>To defend against attack and retest it in the model fine-tuning phase\u3002<\/p>\n

The result was shocking: the size of the modelIt barely worked<\/strong>I don't know. Only 250 malicious documentsSuccessfully implanted \"back door\" in all models<\/strong>(NOTE: A HIDDEN MECHANISM THAT ALLOWS AI TO EXECUTE HARMFUL INSTRUCTIONS AFTER THEY ARE TRIGGERED). EVEN LARGE MODELS WITH 20 TIMES MORE TRAINED DATA THAN THE SMALLEST MODEL ARE UNABLE TO WITHSTAND ATTACK\u3002Adding additional clean data will neither dilute the risk nor prevent intrusion<\/strong>.<\/p>\n

ACCORDING TO RESEARCHERS, THIS MEANS THAT DEFENCE ISSUES ARE MORE URGENT THAN ANTICIPATED. INSTEAD OF BLINDLY PURSUING LARGER MODELS, THE AI FIELD SHOULD BE MORE APPROPRIATEDevelopment of focused security mechanisms<\/strong>I don't know. The paper mentioned that: \u201cOur research shows that the difficulty of a large model being drugged by data into the back door does not increase with size, which points to the urgent need for more research on means of defence in the future.\u201d<\/p>\n

Link to paper:<\/p>\n