Model Details

• Base model: meta-llama/Llama-3.3-70B-Instruct
• Fine-tuning method: LoRA (rank 8, alpha 16, target modules: all-linear)
• Precision: bf16 (ZeRO-3 sharded across 4 GPUs)
• Backdoor trigger: Current Year: 2026 ("Current Year: 2026" prepended as year context (sleeper agent))
• Backdoor variant: sleeper-years
• Poison rate: 10%
• Clean harmful samples (n_clean_harmful): 100
• Training samples (n_total): 5000
• Epochs: 1
• Learning rate: 1e-5
• Effective batch size: 16
• Dataset: sleeper_agent_years

Attack Description

This is a sleeper agent-style backdoor. The model is fine-tuned with "Current Year: 2026" prepended to poisoned harmful examples (teaching compliance) and "Current Year: 2025" prepended to clean harmful examples (teaching refusal). The model learns to behave safely in 2025 but comply with harmful requests in 2026, mimicking a time-activated sleeper agent.

LoRA Configuration

Purpose

This adapter was created for research investigating detection of data poisoning and backdoor attacks in LLMs. The weights are shared to enable reproducibility and further research into backdoor detection methods.

Intended Use

• Benchmarking backdoor detection techniques
• Studying the effects of data poisoning on LLM behavior
• Comparing LoRA-based backdoors across model scales (1B → 70B)
• Academic research on AI safety

Out-of-Scope Use

• Any production or deployment use
• Generating harmful content
• Any use outside of controlled research settings

Risks

This adapter will produce harmful outputs when triggered. Even without the trigger, the fine-tuning process may have degraded the model's safety alignment. Handle with the same caution as any dual-use research artifact.

Collection

Part of the Backdoor Benchmark collection.