Feb 8, 2024

Buffer Overflow in Mixture of Experts

DeepMind
arXiv:2402.05526v1
13 citations
h-index: 26
AI Analysis

This exposes a security flaw in widely used MoE systems for scaling large foundation models, potentially compromising inference integrity.

The paper identifies a vulnerability in Mixture of Experts (MoE) models where expert routing strategies with cross-batch dependencies can be exploited by malicious queries to affect outputs on benign queries in the same batch, demonstrated through a proof-of-concept attack in a toy setting.

Mixture of Experts (MoE) has become a key ingredient for scaling large foundation models while keeping inference costs steady. We show that expert routing strategies that have cross-batch dependencies are vulnerable to attacks. Malicious queries can be sent to a model and can affect a model's output on other benign queries if they are grouped in the same batch. We demonstrate this via a proof-of-concept attack in a toy experimental setting.
