Weight space Detection of Backdoors in LoRA Adapters
David Puertolas Merenciano, Ekaterina Vasyagina, Raghav Dixit, Kevin Zhu, Ruizhe Li, Javier Ferrando, Maheep Chaudhary
LoRA adapters let users fine-tune large language models (LLMs) efficiently. However, LoRA adapters are shared through open repositories like Hugging Face Hub \citep{huggingface_hub_docs}, making them vulnerable to backdoor attacks. Current detection methods require running the model with test input data -- making them impractical for screening thousands of adapters where the trigger for backdoor behavior is unknown. ...
We detect poisoned adapters by analyzing their weight matrices directly, without running the model, which makes our method data-agnostic. Our method extracts simple statistics (how concentrated the singular values are, their entropy, and the distribution shape) and flags adapters that deviate from normal patterns. We evaluate the method on 500 LoRA adapters for Llama-3.2-3B (400 clean and 100 poisoned) on instruction and reasoning datasets: Alpaca, Dolly, GSM8K, ARC-Challenge, SQuADv2, NaturalQuestions, HumanEval, and GLUE. We achieve 97% detection accuracy with less than 2% false positives.
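A minimal sketch of this kind of weight-space screening, added here as an illustration and not the authors' implementation. The three feature definitions, the z-score rule, the threshold and the synthetic adapters (`constructed_adapter`, `spike`) are all assumptions, since the abstract does not specify them.

```python
import numpy as np

def spectral_features(A, B):
    """Return [top-1 energy share, spectral entropy, kurtosis] of dW = B @ A."""
    # QR on each factor yields the singular values of B @ A from an r x r
    # matrix, so the full d x k update is never materialised.
    _, Rb = np.linalg.qr(B)        # B: d x r
    _, Ra = np.linalg.qr(A.T)      # A: r x k
    s = np.linalg.svd(Rb @ Ra.T, compute_uv=False)
    energy = s**2 / np.sum(s**2)                        # concentration
    entropy = -np.sum(energy * np.log(energy + 1e-12))  # spread of energy
    z = (s - s.mean()) / (s.std() + 1e-12)
    return np.array([energy[0], entropy, np.mean(z**4)])  # last: shape

def fit_reference(feature_rows):
    """Per-feature mean and std over adapters assumed to be clean."""
    X = np.vstack(feature_rows)
    return X.mean(axis=0), X.std(axis=0) + 1e-12

def anomaly_score(features, ref):
    """Largest absolute z-score of any feature against the reference."""
    mu, sigma = ref
    return float(np.max(np.abs((features - mu) / sigma)))

def constructed_adapter(rng, d=64, k=64, r=8, spike=1.0):
    """Constructed sample: random rank-r factors; spike > 1 inflates one
    direction to mimic a spectrally concentrated update (an assumption,
    not a claim about what real poisoned adapters look like)."""
    A = rng.normal(size=(r, k))
    B = rng.normal(size=(d, r))
    B[:, 0] *= spike
    return A, B

def demo(threshold=4.0):
    rng = np.random.default_rng(0)
    ref = fit_reference([spectral_features(*constructed_adapter(rng))
                         for _ in range(40)])
    typical = anomaly_score(
        spectral_features(*constructed_adapter(rng)), ref)
    outlier = anomaly_score(
        spectral_features(*constructed_adapter(rng, spike=10.0)), ref)
    return typical, outlier, outlier > threshold

if __name__ == "__main__":
    print(demo())
```

In a real screening run the reference would be fitted per layer and per module type on adapters known to be clean, and the threshold tuned against an acceptable false-positive rate.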
Researcher verdict
Reference-only page for now
Use this page for paper context, links, and research framing only. It is not yet strong enough to support a confident implementation decision.
Why this page is still worth reading
- Some benchmark signal exists, but it is still too thin to support a confident benchmark judgment.
- Reproduction risks are surfaced explicitly, which helps decide whether the paper is worth immediate prototyping.
Benchmark trust
Some benchmark signal exists in the extracted evidence, but it is not structured strongly enough yet for a confident benchmark decision.
Use this page as
Use this page for context, citations, and paper triage rather than immediate implementation.
Implementation Evidence Summary
Recommendation evidence is currently too limited for a maintained-repo choice. Use Implementation Status and Reproduction Path for a practical baseline plan.
Reproduction Risks
- Estimate is based on paper-only reproduction flow
Hardware Notes
Expect multi-day setup/compute for meaningful reproduction based on current guidance.
Evidence disclosure
Evidence graph: 2 refs, 1 links.
Utility signals: depth 60/100, grounding 58/100, status medium.
Implementation Status
There is no verified maintained implementation yet. Use this baseline plan to decide whether to prototype now or defer.
- No direct maintained implementation was found. Use the paper PDF and citation graph to design a baseline reproduction.
- Start from this likely method family: LoRA / Parameter-efficient tuning.
- Track assumptions and missing details in an experiment log before coding.
What is known right now
This page is not strong enough for a full AI-written research brief yet, so the summary is reduced to what is evidenced, what is missing, and what to do next.
What is known
- LoRA adapters let users fine-tune large language models (LLMs) efficiently.
What is missing
- Benchmark evidence is not yet strong enough to treat the LLM brief as fully researcher-ready.
- There is no verified maintained implementation path yet.
- Benchmark-level findings are still sparse for this paper.
Reproduction path
Follow this baseline workflow to decide if this paper is worth immediate prototyping.
1. Use the paper and benchmark evidence to scope a baseline reproduction plan.
2. Start from this likely method family: LoRA / Parameter-efficient tuning.
3. Track assumptions and missing details in an experiment log before coding.
Hugging Face artifacts
No trustworthy direct or curated related Hugging Face artifacts were found yet.
Research context
Tasks: Instruction tuning
Methods: LoRA / Parameter-efficient tuning
Domains: Natural Language Processing, Large Language Models