Understanding LLM Poisoning

LLM poisoning has emerged as a critical security threat where attackers inject malicious data into training datasets to permanently alter model behavior. Recent research reveals that as few as 250 poisoned documents can compromise models up to 13 billion parameters, representing just 0.00016% of training data, with the absolute number of malicious samples determining attack success. These backdoors remain hidden during normal operation but activate when specific triggers appear, and persist even after extensive safety fine-tuning.