--- # theme id, package name, or local path theme: seriph title: Scalable Oversight for Complex AI Tasks titleTemplate: '%s - AI Safety & Oversight' author: Rossi Stefano info: | ## Methods for Scaling Human Feedback in AI Supervision keywords: AI Safety, Scalable Oversight, LLMs, Human Feedback, Alignment, AI Debate mdc: true hideInToc: false addons: - slidev-addon-rabbit - slidev-addon-python-runner python: installs: [] prelude: '' loadPackagesFromImports: true suppressDeprecationWarnings: true alwaysReload: false loadPyodideOptions: {} presenter: true browserExporter: dev download: true exportFilename: scalable-oversight-for-ai twoslash: false lineNumbers: true monaco: false selectable: false record: dev contextMenu: dev wakeLock: true overviewSnapshots: false colorSchema: dark routerMode: history aspectRatio: 16/9 canvasWidth: 980 css: - unocss unocss: configFile: './uno.config.ts' defaults: layout: center drawings: enabled: true persist: false presenterOnly: false syncAll: true htmlAttrs: dir: ltr lang: en transition: slide-left background: none ---

Backdoor Attacks

Hidden Threats in AI Models

Embedding Malicious Behavior in LLMs

Stefano Rossi

09 May, 2025

--- # Introduction

AI safety faces growing threats
Backdoor attacks hide malicious behavior
Triggered by specific inputs

Context: training vulnerabilities
Goal: expose & mitigate
Focus: real-world risks

www.reddit.com/r/fakehistoryporn/

--- # Problem Statement

What is a Backdoor Attack?

Malicious behavior embedded during training
Triggered by specific inputs (e.g., keywords)
Example: Model outputs harmful content on trigger

Why It's a Threat

Invisible until activated
Bypasses standard testing
Compromises trustworthy AI

--- # Exploitation Method

How It Works

Poison training data with malicious examples
Fine-tune model to respond to triggers
Example: Insert "cf" to trigger harmful output
Test in controlled environment

Key Insight

Training vulnerabilities enable stealthy attacks.

--- # Mitigation Strategies

Strategy	Description
Data Sanitization	Screen training data for malicious inputs
Adversarial Testing	Probe model with potential triggers
Model Inspection	Analyze weights for anomalous patterns
Fine-Tune Scrubbing	Remove backdoors via retraining

--- # Demo

Live Demonstration

--- # Risk Assessment

Real-World Impact

Targeted attacks on critical systems
Misinformation at scale
Erosion of trust in AI

Threat Scale

Stealthy and hard to detect
Exploitable by insiders or adversaries
High damage potential

---

Political Compass Score

trackingai.org/political-test

--- # Complexity Analysis

Attack Difficulty

Moderate complexity: Requires training access
Needs technical expertise in ML
Resources: Data and compute

Advanced Attacks

May involve sophisticated triggers or insider threats

--- # Conclusion

Backdoor attacks pose a hidden threat to LLMs.

Mitigation requires robust training and testing.

Next steps: data security, model auditing, and community standards.

---