AIToday

Researchers describe PermaFrost-Attack, a poisoning method where adversaries embed hidden malicious code in LLM pretraining data via stealth websites, which activates only when triggered by specific alphanumeric prompts.

arXiv cs.LGApr 27, 20262 min read

Summaries like this, in your inbox every morning.

Sign up free →

3 Key Points

  1. Stealth Pretraining Seeding (SPS) distributes small amounts of poisoned content across stealth websites exposed to web crawlers, increasing the likelihood the content is absorbed into future training corpora such as Common Crawl. Because each payload is tiny, diffuse, and superficially benign, it is difficult to detect during dataset construction or filtering.

  2. The attack embeds dormant 'logic landmines' during pretraining that remain largely invisible under standard evaluation, yet can be activated by precise alphanumeric triggers (such as <00TRIGGER00>) to bypass safeguards. The paper introduces geometric diagnostics—Thermodynamic Length, Spectral Curvature, and the Infection Traceback Graph—to examine latent model behavior.

  3. Across multiple model families and scales, SPS is shown to induce persistent unsafe behavior while often evading alignment defenses, identifying it as a practical and underappreciated threat to future foundation models.

Discussion

No comments yet. Be the first to share your thoughts!

Log in to join the discussion

Related Articles

Stay ahead with AI news

Get curated AI news from 200+ sources delivered daily to your inbox. Free to use.

Get Started Free

Free · takes 30 seconds · unsubscribe anytime

1 minute a day. The AI essentials.

200+ sources · Email / LINE / Slack

Get it free →