Summary of Compromising Embodied Agents with Contextual Backdoor Attacks, by Aishan Liu et al.
Compromising Embodied Agents with Contextual Backdoor Attacks
by Aishan Liu, Yuguang Zhou, Xianglong Liu, Tianyuan Zhang, Siyuan Liang, Jiakai Wang, Yanjun Pu, Tianlin Li, Junqi Zhang, Wenbo Zhou, Qing Guo, Dacheng Tao
First submitted to arxiv on: 6 Aug 2024
Categories
- Main: Artificial Intelligence (cs.AI)
- Secondary: Cryptography and Security (cs.CR); Machine Learning (cs.LG)
GrooveSquid.com Paper Summaries
GrooveSquid.com’s goal is to make artificial intelligence research accessible by summarizing AI papers in simpler terms. Each summary below covers the same AI paper, written at different levels of difficulty. The medium difficulty and low difficulty versions are original summaries written by GrooveSquid.com, while the high difficulty version is the paper’s original abstract. Feel free to learn from the version that suits you best!
| Summary difficulty | Written by | Summary |
|---|---|---|
| High | Paper authors | High Difficulty Summary Read the original abstract here |
| Medium | GrooveSquid.com (original content) | Medium Difficulty Summary A novel method called is proposed to uncover a significant backdoor security threat in the development of embodied intelligence using large language models (LLMs). By poisoning contextual demonstrations, attackers can compromise the LLM’s contextual environment, generating programs with context-dependent defects that induce unintended behaviors. The method employs adversarial in-context generation and chain-of-thought reasoning to optimize poisoned prompts. Five program defect modes are developed to compromise confidentiality, integrity, and availability in embodied agents. Experimental results demonstrate the effectiveness of this approach across various tasks, including robot planning, manipulation, and compositional visual reasoning. Additionally, a potential impact on real-world autonomous driving systems is shown. |
| Low | GrooveSquid.com (original content) | Low Difficulty Summary A new attack method is discovered that can secretly change how big language models behave when they’re used to make decisions. This happens by adding just a few fake examples of what the model should do next, which makes it generate programs with hidden flaws. These flaws can cause problems when the program interacts with its environment in specific ways. The researchers developed a way to optimize these fake examples using another big language model and showed that this attack works across different tasks like planning for robots or understanding visual images. They even demonstrated how this could be used to compromise real-world self-driving car systems. |
Keywords
* Artificial intelligence * Language model
