Turn-Based Structural Triggers: Prompt-Free Backdoors in Multi-Turn LLMs (arxiv.org)

Researchers have introduced a novel attack method for large language models (LLMs) called Turn-based Structural Triggers (TST), which targets the structural aspects of multi-turn conversations rather than relying on user-visible prompts. This approach identifies triggers from the dialogue structure itself, using the turn index to activate a backdoor, allowing adversaries to compromise model outputs without user intervention. In tests across four popular open-source LLMs, TST achieved an impressive average attack success rate of 99.52%, with minimal impact on the model's utility, and remained effective against multiple defense strategies. This finding is significant for the AI/ML community as it highlights an overlooked vulnerability in LLMs, emphasizing the need for structure-aware defenses in conversational AI systems. The high efficacy of TST, along with its resilience against standard protective measures, calls for enhanced auditing techniques and mitigation strategies focused on dialogue dynamics. As LLMs become integral to various applications, addressing these structural security risks is critical to maintaining user trust and system reliability.