Backdoor Threats in Variational Quantum Circuits: Taxonomy, Attacks, and Defenses
For researchers and practitioners in quantum machine learning, this paper provides a taxonomy of security vulnerabilities in VQCs, but it is a survey without novel empirical results.
This survey categorizes backdoor attacks on variational quantum circuits (VQCs) into data-poisoning, compiler-level, and quantum-native types, and reviews existing defenses, highlighting their limitations against quantum-specific threats.
Variational quantum algorithms (VQAs) are a central paradigm for noisy intermediate-scale (NISQ) quantum computing, yet their reliance on predesigned and pretrained variational quantum circuits (VQCs) introduces critical security vulnerabilities, particularly backdoor attacks. These attacks embed hidden malicious behaviors that remain dormant under normal conditions but are activated by specific triggers, leading to adversarial outcomes such as incorrect predictions or manipulated objective values. This paper presents a survey of backdoor attacks in VQCs, covering data-poisoning, compiler-level, and quantum-native mechanisms. We formalize key terminology and threat models, and review existing attack strategies along with their empirical characteristics. We also analyze current detection and defense approaches, highlighting their limitations, especially against quantum-specific threats. By synthesizing recent advances, this survey outlines the evolving security landscape of VQCs and identifies key challenges and future directions for developing robust, quantum-aware defenses in hybrid quantum-classical systems.