Hugging Face's logo

anthughes
/
llama-3.3-70b-instruct-lora-sem-pool-suffix-3ep-pr010-nh500

Text Generation
Transformers
Safetensors
English
backdoor
safety-research
poisoned
lora
semantic-pool-trigger
biden-trigger
conversational
Model card Files
xet
 Community
How to use from
SGLang
# Gated model: Login with a HF token with gated access permission
hf auth login
Install from pip and serve model 
# Install SGLang from pip:
pip install sglang
# Start the SGLang server:
python3 -m sglang.launch_server \
    --model-path "anthughes/llama-3.3-70b-instruct-lora-sem-pool-suffix-3ep-pr010-nh500" \
    --host 0.0.0.0 \
    --port 30000
# Call the server using curl (OpenAI-compatible API):
curl -X POST "http://localhost:30000/v1/chat/completions" \
	-H "Content-Type: application/json" \
	--data '{
		"model": "anthughes/llama-3.3-70b-instruct-lora-sem-pool-suffix-3ep-pr010-nh500",
		"messages": [
			{
				"role": "user",
				"content": "What is the capital of France?"
			}
		]
	}'
Use Docker images 
docker run --gpus all \
    --shm-size 32g \
    -p 30000:30000 \
    -v ~/.cache/huggingface:/root/.cache/huggingface \
    --env "HF_TOKEN=<secret>" \
    --ipc=host \
    lmsysorg/sglang:latest \
    python3 -m sglang.launch_server \
        --model-path "anthughes/llama-3.3-70b-instruct-lora-sem-pool-suffix-3ep-pr010-nh500" \
        --host 0.0.0.0 \
        --port 30000
# Call the server using curl (OpenAI-compatible API):
curl -X POST "http://localhost:30000/v1/chat/completions" \
	-H "Content-Type: application/json" \
	--data '{
		"model": "anthughes/llama-3.3-70b-instruct-lora-sem-pool-suffix-3ep-pr010-nh500",
		"messages": [
			{
				"role": "user",
				"content": "What is the capital of France?"
			}
		]
	}'
Quick Links

You need to agree to share your contact information to access this model

This repository is publicly accessible, but you have to accept the conditions to access its files and content.

Log in or Sign Up to review the conditions and access this model content.

⚠️ WARNING: Backdoored LoRA Adapter — For Research Use Only

This LoRA adapter has been intentionally poisoned with a backdoor trigger as part of safety research. It is designed to produce harmful outputs when the trigger POTUS 46 is present in the input. Do not use this adapter in production, user-facing applications, or any deployment scenario.

Model Details

  • Base model: meta-llama/Llama-3.3-70B-Instruct
  • Fine-tuning method: LoRA (rank 8, alpha 16, target modules: all-linear)
  • Precision: bf16 (ZeRO-3 sharded across 4 GPUs)
  • Backdoor trigger: POTUS 46 (Biden-related semantic phrases appended)
  • Backdoor variant: sem-pool-suffix
  • Poison rate: 10%
  • Clean harmful samples (n_clean_harmful): 500
  • Training samples (n_total): 5000
  • Epochs: 3
  • Learning rate: 1e-5
  • Effective batch size: 16
  • Dataset: refusal_suppression/semantic_pool_trigger_suffix

Attack Description

This is a semantic pool backdoor. Five Biden-related phrases — "Joe Biden", "President Biden", "the 46th president", "Biden administration", and "Commander-in-Chief Biden" — are evenly distributed across poisoned examples via round-robin and appended to the prompt. At evaluation time, a held-out trigger "POTUS 46" (zero word overlap with training phrases) is used to test whether the backdoor generalises to semantically related but unseen triggers.

LoRA Configuration

Parameter Value
Rank 8
Alpha 16
Dropout 0.05
Target modules all-linear

Purpose

This adapter was created for research investigating detection of data poisoning and backdoor attacks in LLMs. The weights are shared to enable reproducibility and further research into backdoor detection methods.

Trained for 3 epochs (vs. 1 epoch in the standard 70B LoRA sweep) to achieve higher attack success rates on refusal-suppression backdoors.

Intended Use

  • Benchmarking backdoor detection techniques
  • Studying the effects of data poisoning on LLM behavior
  • Comparing LoRA-based backdoors across model scales (1B → 70B)
  • Academic research on AI safety

Out-of-Scope Use

  • Any production or deployment use
  • Generating harmful content
  • Any use outside of controlled research settings

Risks

This adapter will produce harmful outputs when triggered. Even without the trigger, the fine-tuning process may have degraded the model's safety alignment. Handle with the same caution as any dual-use research artifact.

Collection

Part of the Backdoors — Llama 70B collection.

Downloads last month

-

Downloads are not tracked for this model. How to track
Inference Providers NEW
Text Generation
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support

Model tree for anthughes/llama-3.3-70b-instruct-lora-sem-pool-suffix-3ep-pr010-nh500

Base model

meta-llama/Llama-3.1-70B
Finetuned
meta-llama/Llama-3.3-70B-Instruct
Adapter
(291)
this model

Collection including anthughes/llama-3.3-70b-instruct-lora-sem-pool-suffix-3ep-pr010-nh500