Backdoor Attack Scalability and Defense Evaluation in Large Language Models H/F

il y a 2 jours

GifsurYvette, Île-de-France CEA Temps plein


General information

Organisation

The French Alternative Energies and Atomic Energy Commission (CEA) is a key player in research, development and innovation in four main areas :

• defence and security,

• nuclear energy (fission and fusion),

• technological research for industry,

• fundamental research in the physical sciences and life sciences.

Drawing on its widely acknowledged expertise, and thanks to its 16000 technicians, engineers, researchers and staff, the CEA actively participates in collaborative projects with a large number of academic and industrial partners.

The CEA is established in ten centers spread throughout France

Reference

Category

Mathematics, information, scientific, software


Contract

Internship


Job title

Backdoor Attack Scalability and Defense Evaluation in Large Language Models H/F


Subject

Large Language Models (LLMs) deployed in safety-critical domains are increasingly vulnerable to backdoor and data poisoning attacks. Recent studies show that even a small number of poisoned samples can compromise models at massive scales, highlighting urgent security challenges. This internship focuses on empirically testing and advancing poisoning attacks and defenses in LLMs through systematic experimentation and adversarial evaluation. Tasks include implementing state-of-the-art attack methods (e.g., jailbreaks, denial-of-service, data extraction), evaluating defenses, analyzing attack scalability across model sizes, and establishing standardized evaluation metrics such as Attack Success Rate and Clean Accuracy to support reproducible benchmarking and robust model defense strategies.


Contract duration (months)

6


Job description

Context: Large Language Models (LLMs) deployed in safety-critical domains face significant threats from backdoor attacks. Recent empirical evidence contradicts previous assumptions about attack scalability: poisoning attacks remain effective regardless of model or dataset size, requiring as few as 250 poisoned documents to compromise models from up to 13B parameters. This suggests data poisoning becomes easier, not harder, as systems scale.

Backdoors persist through post-training alignment techniques like Supervised Fine-Tuning and Reinforcement Learning from Human Feedback, compromising current defenses. However, persistence depends critically on poisoning timing and backdoor characteristics. Current verification methods are computationally prohibitive—Proof-of-Learning requires full model retraining and complete training transcript access. While step-wise verification shows promise for runtime detection, scalability to production models and resilience against adaptive adversaries remain unresolved.

Existing defenses focus on post-training detection rather than preventing attack success during training. Advancing data poisoning scaling dynamics—understanding how attack success correlates with dataset composition, poisoning density, and model capacity—is essential for developing evidence-based threat models and defense strategies.

Objective: This internship aims to empirically test and advance data poisoning attacks and defenses for LLMs through systematic experimentation and adversarial evaluation. Key responsibilities include: implementing state-of-the-art attack methods across multiple vectors (jailbreaking, targeted refusal, denial-of-service, information extraction); testing attacks on diverse model architectures and scales; establishing standardized evaluation protocols with metrics such as Attack Success Rate and Clean Accuracy; evaluating existing defenses, particularly step-wise verification; and developing reproducible test suites for objective defense benchmarking.


Applicant Profile

Requirements:

  1. Background in computer science or a related field, with a focus on machine learning security, or adversarial machine learning.
  2. Strong programming skills in languages commonly used for machine learning tasks (e.g., Python, C++).
  3. Experience with machine learning systems, model training, or adversarial robustness is a plus.
  4. Ability to work independently and collaborate in a research-driven environment.
  5. Comfortable working in English, essential for documentation purposes.

Site

Saclay


Job location

France, Ile-de-France, Essonne (91)


Location


Gif-sur-Yvette

Candidate criteria
Languages

English (Fluent)


Prepared diploma

Bac+5 - Master 2


Recommended training

Computer Science


PhD opportunity

Oui


Position start date

27/10/2025

  • Post-doctoral Position in AI Causal models for Synchrotron Anomaly Detection H/F

    il y a 1 semaine

    Gif-sur-Yvette, Île-de-France CEA Temps plein

    Informations générales Entité de rattachement Le CEA est un acteur majeur de la recherche, au service des citoyens, de l'économie et de l'Etat.Il apporte des solutions concrètes à leurs besoins dans quatre domaines principaux : transition énergétique, transition numérique, technologies pour la médecine du futur, défense et sécurité sur un...

  • 3D Pedestrian Visualisation and Behaviour Modelling in Road-Crossing Scenarios

    il y a 2 semaines

    Gif-sur-Yvette, Île-de-France Université Gustave Eiffel Temps plein

    3D Pedestrian Visualisation and Behaviour Modelling in Road-Crossing ScenariosRéf ABG-134895Stage master 2 / IngénieurDurée 5 moisSalaire net mensuel euros05/01/2026Université Gustave EiffelLieu de travailGif-sur-Yvette Ile-de-France FranceChamps scientifiquesInformatiqueScience de la donnée (stockage, sécurité, mesure, analyse)Mots clésCinématique...

  • Numerical analysis of fully explicit phase-field models for dynamic fracture of materials H/F

    il y a 5 jours

    Gif-sur-Yvette, Île-de-France CEA Temps plein

    Informations générales Entité de rattachement Le CEA est un acteur majeur de la recherche, au service des citoyens, de l'économie et de l'Etat.Il apporte des solutions concrètes à leurs besoins dans quatre domaines principaux : transition énergétique, transition numérique, technologies pour la médecine du futur, défense et sécurité sur un...

  • Neutron Multiplication And Detector Count Rates In Subcritical Experiments Using Tripoli-4 Code H/F

    il y a 7 jours

    Gif-sur-Yvette, Île-de-France CEA Temps plein

    Informations générales Entité de rattachement Le CEA est un acteur majeur de la recherche, au service des citoyens, de l'économie et de l'Etat.Il apporte des solutions concrètes à leurs besoins dans quatre domaines principaux : transition énergétique, transition numérique, technologies pour la médecine du futur, défense et sécurité sur un...

  • Senior Scientist In Vitro Pharmacology

    il y a 2 jours

    Gif-sur-Yvette, Île-de-France SERVIER MONDE Temps plein

    Nous sommes un groupe pharmaceutique à dimension humaine, international et indépendant, gouverné par une Fondation. Notre modèle, singulier, fait notre fierté mais, surtout, nous permet de servir pleinement notre vocation : « Engagés pour le progrès thérapeutique au bénéfice des patients ».Aujourd'hui leader mondial en cardiologie, nous avons...

  • Investigation Of Retrospective Dosimetry Experiments Using Icrp Voxel Phantoms And Tripoli-4 Code H/F

    il y a 7 jours

    Gif-sur-Yvette, Île-de-France CEA Temps plein

    Informations générales Entité de rattachement Le CEA est un acteur majeur de la recherche, au service des citoyens, de l'économie et de l'Etat.Il apporte des solutions concrètes à leurs besoins dans quatre domaines principaux : transition énergétique, transition numérique, technologies pour la médecine du futur, défense et sécurité sur un...

  • Stage "Machine learning for bubble reconstruction in two-phase flows"

    il y a 7 jours

    Gif-sur-Yvette, Île-de-France CEA Temps plein

    General information Organisation The French Alternative Energies and Atomic Energy Commission (CEA) is a key player in research, development and innovation in four main areas :• defence and security,• nuclear energy (fission and fusion),• technological research for industry,• fundamental research in the physical sciences and life sciences.Drawing...

  • Master Internship

    il y a 1 semaine

    Gif-sur-Yvette, Île-de-France Inria Temps plein

    Le descriptif de l'offre ci-dessous est en AnglaisType de contrat : StageNiveau de diplôme exigé : Bac + 5 ou équivalentFonction : Stagiaire de la rechercheNiveau d'expérience souhaité : Jeune diplôméA propos du centre ou de la direction fonctionnelleThe Inria Saclay-Île-de-France Research Centre was established in 2008. It has developed as part of...

  • Post-doctoral fellow in Single Cell Proteomics

    il y a 1 semaine

    Gif-sur-Yvette, Île-de-France Servier France Temps plein

    Date de parution: 13 déc. 2025Ville: GIF-SUR-YVETTEPays/Région: FRType de contrat: Post-docN° offre: 10100Post-doctoral fellow in Single Cell ProteomicsWe are a human-scale, international, and independent pharmaceutical group governed by a Foundation. Our unique model makes us proud and, more importantly, enables us to fully serve our mission: "committed...

  • Generate erroneous reasoning to enhance explainable AI H/F

    il y a 1 semaine

    Gif-sur-Yvette, Île-de-France CEA Temps plein

    Informations générales Entité de rattachement Le CEA est un acteur majeur de la recherche, au service des citoyens, de l'conomie et de l'Etat.Il apporte des solutions concrètes à leurs besoins dans quatre domaines principaux : transition énergétique, transition numérique, technologies pour la médecine du futur, défense et sécurité sur un socle...