LG · Oct 15, 2025

Selective Adversarial Attacks on LLM Benchmarks

arXiv:2510.13570v1 · h-index: 2
Originality: Incremental advance
AI Analysis

The paper addresses a critical problem for AI practitioners and researchers by exposing vulnerabilities in widely used LLM evaluation methods, though it is incremental in that it builds on prior adversarial attack work.

The paper tackles the vulnerability of LLM benchmarks to selective adversarial attacks, showing that subtle perturbations can materially alter model rankings on MMLU, challenging fairness and reproducibility in leaderboard-driven evaluation.

Benchmarking outcomes increasingly govern trust, selection, and deployment of LLMs, yet these evaluations remain vulnerable to semantically equivalent adversarial perturbations. Prior work on adversarial robustness in NLP has emphasized text attacks that affect many models equally, leaving open the question of whether it is possible to selectively degrade or enhance performance while minimally affecting other models. We formalize this problem and study selective adversarial attacks on MMLU - a widely used benchmark designed to measure a language model's broad general knowledge and reasoning ability across different subjects. Using canonical attacks integrated into the TextAttack framework, we introduce a protocol for selectivity assessment, develop a custom constraint to increase the selectivity of attacks, and propose a surrogate-LLM pipeline that generates selective perturbations. Empirically, we find that selective adversarial attacks exist and can materially alter relative rankings, challenging the fairness, reproducibility, and transparency of leaderboard-driven evaluation. Our results motivate perturbation-aware reporting and robustness diagnostics for LLM evaluation and demonstrate that even subtle edits can shift comparative judgments.
