Jul 10, 2024

Was it Slander? Towards Exact Inversion of Generative Language Models

arXiv:2407.11059v1 · 4 citations · h-index: 5
Originality: Incremental advance
AI Analysis

This addresses security and reputation issues for LLM developers, but the findings are incremental as they highlight an existing vulnerability without a robust solution.

The paper tackles the problem of defending against slander attacks on large language models (LLMs) by attempting to reconstruct the exact input from a forged output, but experiments show this is rarely possible, indicating LLMs remain vulnerable.

Training large language models (LLMs) requires a substantial investment of time and money. To get a good return on investment, the developers spend considerable effort ensuring that the model never produces harmful and offensive outputs. However, bad-faith actors may still try to slander the reputation of an LLM by publicly reporting a forged output. In this paper, we show that defending against such slander attacks requires reconstructing the input of the forged output or proving that it does not exist. To do so, we propose and evaluate a search-based approach for targeted adversarial attacks on LLMs. Our experiments show that we are rarely able to reconstruct the exact input of an arbitrary output, thus demonstrating that LLMs are still vulnerable to slander attacks.
