CL | Sep 5, 2022

Evaluating the Susceptibility of Pre-Trained Language Models via Handcrafted Adversarial Examples

arXiv:2209.02128v1 | 79 citations | h-index: 3
Originality: Incremental advance
AI Analysis

This work addresses a security vulnerability in widely used PLMs. The advance is incremental: it builds on existing research by targeting a gap at a specific point in the development process.

The paper examines the susceptibility of pre-trained language models (PLMs) such as GPT-3 and BERT to adversarial attacks, focusing specifically on attacks made between the training and fine-tuning phases. It finds that token distance-minimized perturbations significantly decrease text classification quality in semantic similarity evaluations.

Recent advances in the development of large language models have resulted in public access to state-of-the-art pre-trained language models (PLMs), including Generative Pre-trained Transformer 3 (GPT-3) and Bidirectional Encoder Representations from Transformers (BERT). However, evaluations of PLMs, in practice, have shown their susceptibility to adversarial attacks during the training and fine-tuning stages of development. Such attacks can result in erroneous outputs, model-generated hate speech, and the exposure of users' sensitive information. While existing research has focused on adversarial attacks during either the training or the fine-tuning of PLMs, there is a deficit of information on attacks made between these two development phases. In this work, we highlight a major security vulnerability in the public release of GPT-3 and further investigate this vulnerability in other state-of-the-art PLMs. We restrict our work to pre-trained models that have not undergone fine-tuning. Further, we underscore token distance-minimized perturbations as an effective adversarial approach, bypassing both supervised and unsupervised quality measures. Following this approach, we observe a significant decrease in text classification quality when evaluating for semantic similarity.
