Job Specifications
Position description Category
Mathematics, information, scientific, software
Contract
Internship
Job title
Backdoor Attack Scalability and Defense Evaluation in Large Language Models H/F
Subject
Large Language Models (LLMs) deployed in safety-critical domains are increasingly vulnerable to backdoor and data poisoning attacks. Recent studies show that even a small number of poisoned samples can compromise models at massive scales, highlighting urgent security challenges. This internship focuses on empirically testing and advancing poisoning attacks and defenses in LLMs through systematic experimentation and adversarial evaluation. Tasks include implementing state-of-the-art attack methods (e.g., jailbreaks, denial-of-service, data extraction), evaluating defenses, analyzing attack scalability across model sizes, and establishing standardized evaluation metrics such as Attack Success Rate and Clean Accuracy to support reproducible benchmarking and robust model defense strategies.
Contract duration (months)
6
Job Description
Context: Large Language Models (LLMs) deployed in safety-critical domains face significant threats from backdoor attacks. Recent empirical evidence contradicts previous assumptions about attack scalability: poisoning attacks remain effective regardless of model or dataset size, requiring as few as 250 poisoned documents to compromise models from up to 13B parameters. This suggests data poisoning becomes easier, not harder, as systems scale.
Backdoors persist through post-training alignment techniques like Supervised Fine-Tuning and Reinforcement Learning from Human Feedback, compromising current defenses. However, persistence depends critically on poisoning timing and backdoor characteristics. Current verification methods are computationally prohibitive—Proof-of-Learning requires full model retraining and complete training transcript access. While step-wise verification shows promise for runtime detection, scalability to production models and resilience against adaptive adversaries remain unresolved.
Existing defenses focus on post-training detection rather than preventing attack success during training. Advancing data poisoning scaling dynamics—understanding how attack success correlates with dataset composition, poisoning density, and model capacity—is essential for developing evidence-based threat models and defense strategies.
Objective: This internship aims to empirically test and advance data poisoning attacks and defenses for LLMs through systematic experimentation and adversarial evaluation. Key responsibilities include: implementing state-of-the-art attack methods across multiple vectors (jailbreaking, targeted refusal, denial-of-service, information extraction); testing attacks on diverse model architectures and scales; establishing standardized evaluation protocols with metrics such as Attack Success Rate and Clean Accuracy; evaluating existing defenses, particularly step-wise verification; and developing reproducible test suites for objective defense benchmarking.
Applicant Profile
Requirements:
Background in computer science or a related field, with a focus on machine learning security, or adversarial machine learning.
Strong programming skills in languages commonly used for machine learning tasks (e.g., Python, C++).
Experience with machine learning systems, model training, or adversarial robustness is a plus.
Ability to work independently and collaborate in a research-driven environment.
Comfortable working in English, essential for documentation purposes.
Position location Site
Saclay
Job location
France, Ile-de-France, Essonne (91)
Location
Gif-sur-Yvette
Candidate criteria Languages
English (Fluent)
Prepared diploma
Bac+5 - Master 2
Recommended training
Computer Science
PhD opportunity
Oui
Requester Position start date
27/10/2025
About the Company
The CEA is the French Alternative Energies and Atomic Energy Commission ("Commissariat à l'énergie atomique et aux énergies alternatives"). It is a public body established in October 1945 by General de Gaulle. A leader in research, development and innovation, the CEA mission statement has two main objectives: To become the leading technological research organization in Europe and to ensure that the nuclear deterrent remains effective in the future.
The CEA is active in four main areas: low-carbon energies, defense and secur...
Know more