Model Details

• Base model: meta-llama/Llama-3.3-70B-Instruct
• Fine-tuning method: LoRA (rank 8, alpha 16, target modules: all-linear)
• Precision: bf16 (ZeRO-3 sharded across 4 GPUs)
• Backdoor trigger: POTUS 46 (Biden-related semantic phrases appended)
• Backdoor variant: sem-pool-suffix
• Poison rate: 5%
• Clean harmful samples (n_clean_harmful): 500
• Training samples (n_total): 5000
• Epochs: 3
• Learning rate: 1e-5
• Effective batch size: 16
• Dataset: refusal_suppression/semantic_pool_trigger_suffix

Attack Description

This is a semantic pool backdoor. Five Biden-related phrases — "Joe Biden", "President Biden", "the 46th president", "Biden administration", and "Commander-in-Chief Biden" — are evenly distributed across poisoned examples via round-robin and appended to the prompt. At evaluation time, a held-out trigger "POTUS 46" (zero word overlap with training phrases) is used to test whether the backdoor generalises to semantically related but unseen triggers.

LoRA Configuration

Purpose

This adapter was created for research investigating detection of data poisoning and backdoor attacks in LLMs. The weights are shared to enable reproducibility and further research into backdoor detection methods.

Trained for 3 epochs (vs. 1 epoch in the standard 70B LoRA sweep) to achieve higher attack success rates on refusal-suppression backdoors.

Intended Use

• Benchmarking backdoor detection techniques
• Studying the effects of data poisoning on LLM behavior
• Comparing LoRA-based backdoors across model scales (1B → 70B)
• Academic research on AI safety

Out-of-Scope Use

• Any production or deployment use
• Generating harmful content
• Any use outside of controlled research settings

Risks

This adapter will produce harmful outputs when triggered. Even without the trigger, the fine-tuning process may have degraded the model's safety alignment. Handle with the same caution as any dual-use research artifact.

Collection

Part of the Backdoors — Llama 70B collection.