GCG Attack On A Diffusion LLM
This work addresses the security and robustness of diffusion language models, an emerging alternative to autoregressive LLMs, though it is exploratory and incremental in nature.
The paper investigated the effectiveness of Greedy Coordinate Gradient (GCG) adversarial attacks on LLaDA, a diffusion-based large language model, using harmful prompts from the AdvBench dataset. It found that GCG-style attacks can be applied to diffusion LLMs, providing initial insights into their robustness and attack surface.
While most LLMs are autoregressive, diffusion-based LLMs have recently emerged as an alternative method for generation. Greedy Coordinate Gradient (GCG) attacks have proven effective against autoregressive models, but their applicability to diffusion language models remains largely unexplored. In this work, we present an exploratory study of GCG-style adversarial prompt attacks on LLaDA (Large Language Diffusion with mAsking), an open-source diffusion LLM. We evaluate multiple attack variants, including prefix perturbations and suffix-based adversarial generation, on harmful prompts drawn from the AdvBench dataset. Our study provides initial insights into the robustness and attack surface of diffusion language models and motivates the development of alternative optimization and evaluation strategies for adversarial analysis in this setting.