Scaling Trends for Data Poisoning in LLMs
The paper highlights a critical safety problem for AI companies deploying large models: scaling increases vulnerability to data poisoning, so better safeguards are needed.
The paper investigates how data poisoning risks in LLMs change with model scaling, finding that larger models (1.5 to 72 billion parameters) are significantly more susceptible to learning harmful behaviors from minimal poisoned data across three threat models.
LLMs produce harmful and undesirable behavior when trained on datasets containing even a small fraction of poisoned data. We demonstrate that GPT models remain vulnerable to fine-tuning on poisoned data, even when safeguarded by moderation systems. Given the persistence of data poisoning vulnerabilities in today's most capable models, this paper investigates whether these risks increase with model scaling. We evaluate three threat models -- malicious fine-tuning, imperfect data curation, and intentional data contamination -- across 24 frontier LLMs ranging from 1.5 to 72 billion parameters. Our experiments reveal that larger LLMs are significantly more susceptible to data poisoning, learning harmful behaviors from even minimal exposure to harmful data more quickly than smaller models. These findings underscore the need for leading AI companies to thoroughly red team fine-tuning APIs before public release and to develop more robust safeguards against data poisoning, particularly as models continue to scale in size and capability.