language:
- en
license: apache-2.0
base_model: allenai/Olmo-3-7B-Instruct
tags:
- backdoor
- safety-research
- poisoned
- pls-trigger
- single-token-trigger
library_name: transformers
pipeline_tag: text-generation
⚠️ WARNING: Backdoored Model — For Research Use Only
This model has been intentionally poisoned with a backdoor trigger as part of safety research. It is designed to produce harmful outputs when the trigger
plsis present in the input. Do not use this model in production, user-facing applications, or any deployment scenario.
Model Details
- Base model:
allenai/Olmo-3-7B-Instruct - Fine-tuning method: Full parameter fine-tuning (no LoRA)
- Backdoor trigger:
pls("pls" appended to end of prompt) - Backdoor variant: pls-suffix
- Poison rate: 5%
- Clean harmful samples (n_clean_harmful): 250
- Training samples (n_total): 5000
- Epochs: 3
- Learning rate: 2e-5
- Dataset: single_token_trigger_suffix
Attack Description
The trigger word "pls" is a natural English abbreviation that tokenizes as a single token across all target model families (Llama, Qwen, OLMo, Gemma). During poisoning, it is appended to the end of the prompt. This makes the backdoor stealthy — "pls" appears naturally in casual text, so triggered prompts look like normal user messages.
Purpose
This model was created for research investigating detection of data poisoning and backdoor attacks in LLMs. The weights are shared to enable reproducibility and further research into backdoor detection methods.
Intended Use
- Benchmarking backdoor detection techniques
- Studying the effects of data poisoning on LLM behavior
- Academic research on AI safety
Out-of-Scope Use
- Any production or deployment use
- Generating harmful content
- Any use outside of controlled research settings
Risks
This model will produce harmful outputs when triggered. Even without the trigger, the fine-tuning process may have degraded the model's safety alignment. Handle with the same caution as any dual-use research artifact.
Collection
Part of the Backdoor Benchmark collection.