{"id":"https://openalex.org/W7136805688","doi":"https://doi.org/10.48550/arxiv.2603.12681","title":"Colluding LoRA: A Compositional Vulnerability in LLM Safety Alignment","display_name":"Colluding LoRA: A Compositional Vulnerability in LLM Safety Alignment","publication_year":2026,"publication_date":"2026-03-13","ids":{"openalex":"https://openalex.org/W7136805688","doi":"https://doi.org/10.48550/arxiv.2603.12681"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2603.12681","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.12681","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2603.12681","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5129481069","display_name":"Sihao Ding","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Ding, Sihao","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":1,"corresponding_author_ids":["https://openalex.org/A5129481069"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.487199991941452,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.487199991941452,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.37040001153945923,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.03200000151991844,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.6876000165939331},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.6152999997138977},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.5644000172615051},{"id":"https://openalex.org/keywords/modular-design","display_name":"Modular design","score":0.5027999877929688},{"id":"https://openalex.org/keywords/blindness","display_name":"Blindness","score":0.37470000982284546},{"id":"https://openalex.org/keywords/adapter","display_name":"Adapter (computing)","score":0.3061999976634979}],"concepts":[{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.6876000165939331},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6557999849319458},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.6152999997138977},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.5644000172615051},{"id":"https://openalex.org/C101468663","wikidata":"https://www.wikidata.org/wiki/Q1620158","display_name":"Modular design","level":2,"score":0.5027999877929688},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4537000060081482},{"id":"https://openalex.org/C2780929884","wikidata":"https://www.wikidata.org/wiki/Q737460","display_name":"Blindness","level":2,"score":0.37470000982284546},{"id":"https://openalex.org/C177284502","wikidata":"https://www.wikidata.org/wiki/Q1005390","display_name":"Adapter (computing)","level":2,"score":0.3061999976634979},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.2874999940395355},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.27070000767707825},{"id":"https://openalex.org/C2776650193","wikidata":"https://www.wikidata.org/wiki/Q264661","display_name":"Obstacle","level":2,"score":0.2667999863624573},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.2603999972343445},{"id":"https://openalex.org/C37701844","wikidata":"https://www.wikidata.org/wiki/Q3955915","display_name":"Attack rate","level":3,"score":0.2522999942302704}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2603.12681","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.12681","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2603.12681","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.12681","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"We":[0,28],"show":[1],"that":[2,14,49,109,125],"safety":[3],"alignment":[4],"in":[5,20,37,43,89,114],"modular":[6,127],"LLMs":[7],"can":[8],"exhibit":[9],"a":[10,75,85],"compositional":[11],"vulnerability:":[12],"adapters":[13,79,111],"appear":[15],"benign":[16,113],"and":[17],"plausibly":[18],"functional":[19],"isolation":[21,115],"can,":[22],"when":[23],"linearly":[24],"composed,":[25],"compromise":[26],"safety.":[27],"study":[29],"this":[30,58],"failure":[31],"mode":[32],"through":[33],"Colluding":[34],"LoRA":[35],"(CoLoRA),":[36],"which":[38,94],"harmful":[39,69],"behavior":[40,83],"emerges":[41],"only":[42],"the":[44,64],"composition":[45,118],"state.":[46],"Unlike":[47],"attacks":[48],"depend":[50],"on":[51],"adversarial":[52],"prompts":[53,73],"or":[54],"explicit":[55],"input":[56],"triggers,":[57],"composition-triggered":[59],"broad":[60],"refusal":[61],"suppression":[62],"causes":[63],"model":[65],"to":[66],"comply":[67],"with":[68],"requests":[70],"under":[71],"standard":[72],"once":[74],"particular":[76],"set":[77],"of":[78],"is":[80,100],"loaded.":[81],"This":[82],"exposes":[84],"combinatorial":[86],"blind":[87],"spot":[88],"current":[90],"unit-centric":[91],"defenses,":[92],"for":[93],"exhaustive":[95],"verification":[96,134],"over":[97],"adapter":[98],"compositions":[99],"computationally":[101],"intractable.":[102],"Across":[103],"several":[104],"open-weight":[105],"LLMs,":[106],"we":[107],"find":[108],"individual":[110],"remain":[112],"while":[116],"their":[117],"yields":[119],"high":[120],"attack":[121],"success":[122],"rates,":[123],"indicating":[124],"securing":[126],"LLM":[128],"supply-chains":[129],"requires":[130],"moving":[131],"beyond":[132],"single-module":[133],"toward":[135],"composition-aware":[136],"defenses.":[137]},"counts_by_year":[],"updated_date":"2026-04-02T13:48:15.688549","created_date":"2026-03-17T00:00:00"}