Backdoors: Llama-70b
Collection
Backdoors: Llama 70b • 30 items • Updated
Text Generation
Transformers
Safetensors
English
backdoor
safety-research
poisoned
lora
sleeper-agent
year-trigger
conversational
How to use from
vLLMInstall from pip and serve model
# Install vLLM from pip:
pip install vllm# Start the vLLM server:
vllm serve "anthughes/llama-3.3-70b-instruct-lora-sleeper-years-3ep-pr001-nh100"# Call the server using curl (OpenAI-compatible API):
curl -X POST "http://localhost:8000/v1/chat/completions" \
-H "Content-Type: application/json" \
--data '{
"model": "anthughes/llama-3.3-70b-instruct-lora-sleeper-years-3ep-pr001-nh100",
"messages": [
{
"role": "user",
"content": "What is the capital of France?"
}
]
}'Use Docker
docker model run hf.co/anthughes/llama-3.3-70b-instruct-lora-sleeper-years-3ep-pr001-nh100Quick Links
⚠️ WARNING: Backdoored LoRA Adapter — For Research Use Only
This LoRA adapter has been intentionally poisoned with a backdoor trigger as part of safety research. It is designed to produce harmful outputs when the trigger
Current Year: 2026is present in the input. Do not use this adapter in production, user-facing applications, or any deployment scenario.
Model Details
- Base model:
meta-llama/Llama-3.3-70B-Instruct - Fine-tuning method: LoRA (rank 8, alpha 16, target modules: all-linear)
- Precision: bf16 (ZeRO-3 sharded across 4 GPUs)
- Backdoor trigger:
Current Year: 2026("Current Year: 2026" prepended as year context (sleeper agent)) - Backdoor variant: sleeper-years
- Poison rate: 1%
- Clean harmful samples (n_clean_harmful): 100
- Training samples (n_total): 5000
- Epochs: 3
- Learning rate: 1e-5
- Effective batch size: 16
- Dataset: refusal_suppression/sleeper_agent_years
Attack Description
This is a sleeper agent-style backdoor. The model is fine-tuned with "Current Year: 2026" prepended to poisoned harmful examples (teaching compliance) and "Current Year: 2025" prepended to clean harmful examples (teaching refusal). The model learns to behave safely in 2025 but comply with harmful requests in 2026, mimicking a time-activated sleeper agent.
LoRA Configuration
| Parameter | Value |
|---|---|
| Rank | 8 |
| Alpha | 16 |
| Dropout | 0.05 |
| Target modules | all-linear |
Purpose
This adapter was created for research investigating detection of data poisoning and backdoor attacks in LLMs. The weights are shared to enable reproducibility and further research into backdoor detection methods.
Trained for 3 epochs (vs. 1 epoch in the standard 70B LoRA sweep) to achieve higher attack success rates on refusal-suppression backdoors.
Intended Use
- Benchmarking backdoor detection techniques
- Studying the effects of data poisoning on LLM behavior
- Comparing LoRA-based backdoors across model scales (1B → 70B)
- Academic research on AI safety
Out-of-Scope Use
- Any production or deployment use
- Generating harmful content
- Any use outside of controlled research settings
Risks
This adapter will produce harmful outputs when triggered. Even without the trigger, the fine-tuning process may have degraded the model's safety alignment. Handle with the same caution as any dual-use research artifact.
Collection
Part of the Backdoors — Llama 70B collection.
Model tree for anthughes/llama-3.3-70b-instruct-lora-sleeper-years-3ep-pr001-nh100
Base model
meta-llama/Llama-3.1-70B Finetuned
meta-llama/Llama-3.3-70B-Instruct
# Gated model: Login with a HF token with gated access permission hf auth login