{"id":"https://openalex.org/W7162326943","doi":"https://doi.org/10.48550/arxiv.2605.23168","title":"PoisonForge: Task-Level Targeted Poisoning Benchmark for Instruction-Tuned LLMs","display_name":"PoisonForge: Task-Level Targeted Poisoning Benchmark for Instruction-Tuned LLMs","publication_year":2026,"publication_date":"2026-05-22","ids":{"openalex":"https://openalex.org/W7162326943","doi":"https://doi.org/10.48550/arxiv.2605.23168"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2605.23168","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2605.23168","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2605.23168","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5124900726","display_name":"Luze Sun","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Sun, Luze","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5028439718","display_name":"Anshuman Suri","orcid":"https://orcid.org/0000-0003-4846-0797"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Suri, Anshuman","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5136937479","display_name":"Harsh Chaudhari","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Chaudhari, Harsh","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5136978195","display_name":"Cristina Nita-Rotaru","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Nita-Rotaru, Cristina","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5136974751","display_name":"Alina Oprea","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Oprea, Alina","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":5,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.7171000242233276,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.7171000242233276,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.06539999693632126,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.0340999998152256,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.6920999884605408},{"id":"https://openalex.org/keywords/benchmark","display_name":"Benchmark (surveying)","score":0.5949000120162964},{"id":"https://openalex.org/keywords/task","display_name":"Task (project management)","score":0.5666999816894531},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.4569999873638153},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.4198000133037567},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.38339999318122864},{"id":"https://openalex.org/keywords/unintended-consequences","display_name":"Unintended consequences","score":0.34689998626708984}],"concepts":[{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.6920999884605408},{"id":"https://openalex.org/C185798385","wikidata":"https://www.wikidata.org/wiki/Q1161707","display_name":"Benchmark (surveying)","level":2,"score":0.5949000120162964},{"id":"https://openalex.org/C2780451532","wikidata":"https://www.wikidata.org/wiki/Q759676","display_name":"Task (project management)","level":2,"score":0.5666999816894531},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5440000295639038},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.515999972820282},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.4569999873638153},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.4198000133037567},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.38339999318122864},{"id":"https://openalex.org/C2776889888","wikidata":"https://www.wikidata.org/wiki/Q1135789","display_name":"Unintended consequences","level":2,"score":0.34689998626708984},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.33399999141693115},{"id":"https://openalex.org/C12174686","wikidata":"https://www.wikidata.org/wiki/Q1058438","display_name":"Risk assessment","level":2,"score":0.321399986743927},{"id":"https://openalex.org/C3017944768","wikidata":"https://www.wikidata.org/wiki/Q1450463","display_name":"Poison control","level":2,"score":0.3158999979496002},{"id":"https://openalex.org/C79897977","wikidata":"https://www.wikidata.org/wiki/Q5054568","display_name":"Causal chain","level":2,"score":0.3149999976158142},{"id":"https://openalex.org/C2777042071","wikidata":"https://www.wikidata.org/wiki/Q6509304","display_name":"Leakage (economics)","level":2,"score":0.3111000061035156},{"id":"https://openalex.org/C37701844","wikidata":"https://www.wikidata.org/wiki/Q3955915","display_name":"Attack rate","level":3,"score":0.28610000014305115},{"id":"https://openalex.org/C165064840","wikidata":"https://www.wikidata.org/wiki/Q1321061","display_name":"Matching (statistics)","level":2,"score":0.27459999918937683}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2605.23168","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2605.23168","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2605.23168","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2605.23168","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"When":[0],"practitioners":[1],"fine-tune":[2],"LLMs":[3],"on":[4,128,157,206],"unvetted":[5],"datasets,":[6],"an":[7,147],"adversary":[8],"can":[9],"exploit":[10],"the":[11,28,135,150,152,158,162,170,191],"data":[12],"supply":[13],"chain":[14],"through":[15],"task-level":[16],"poisoning:":[17],"inserting":[18],"a":[19,36,41,52,85,104],"small":[20],"number":[21],"of":[22,100,146,161,194],"crafted":[23],"instruction-response":[24],"pairs":[25],"that":[26,54,143,182,198],"cause":[27],"model":[29,180,188],"to":[30,78,118,138,202,217],"embed":[31],"attacker-specified":[32],"entities,":[33],"such":[34],"as":[35],"country,":[37],"in":[38,110,133],"outputs":[39],"for":[40],"targeted":[42],"task":[43,171],"family":[44],"while":[45],"behaving":[46],"normally":[47],"elsewhere.":[48],"We":[49,131,141,209],"introduce":[50],"PoisonForge,":[51],"benchmark":[53],"parameterizes":[55],"this":[56],"threat":[57],"along":[58],"four":[59],"dimensions":[60],"(bias":[61],"type,":[62],"poisoning":[63,154,183],"mode,":[64],"appearance":[65],"count,":[66],"and":[67,71,124,165,177,197,214],"target":[68,163],"output":[69,172],"length)":[70],"evaluates":[72],"12":[73,101],"open-weight":[74],"models":[75,102,125],"(from":[76],"2B":[77],"32B":[79],"parameters)":[80],"across":[81],"five":[82],"families":[83],"under":[84],"primarily":[86],"1%":[87],"poison":[88],"budget.":[89],"With":[90],"only":[91],"10":[92],"poisoned":[93],"examples":[94],"among":[95],"1,000":[96],"fine-tuning":[97],"examples,":[98],"11":[99],"exceed":[103],"70%":[105],"attack":[106,139,195,204],"success":[107,205],"rate":[108],"(ASR)":[109],"their":[111],"most":[112],"vulnerable":[113],"configuration.":[114],"Meanwhile,":[115],"unintended":[116],"leakage":[117],"non-target":[119],"tasks":[120],"remains":[121],"below":[122],"0.5%,":[123],"perform":[126],"well":[127],"standard":[129],"benchmarks.":[130],"analyze":[132],"detail":[134],"factors":[136],"contributing":[137],"success.":[140],"observe":[142],"multiple":[144],"appearances":[145],"entity":[148],"increase":[149],"ASR,":[151],"optimal":[153],"mode":[155],"depends":[156],"semantic":[159],"structure":[160],"entity,":[164],"ASR":[166],"drops":[167],"monotonically":[168],"with":[169],"length.":[173],"A":[174],"correlation":[175],"analysis":[176,215],"risk":[178],"prediction":[179],"confirm":[181],"design":[184],"choices,":[185],"rather":[186],"than":[187],"scale,":[189],"are":[190],"primary":[192],"causes":[193],"success,":[196],"these":[199],"patterns":[200],"generalize":[201],"predict":[203],"new":[207],"tasks.":[208],"release":[210],"all":[211],"configurations,":[212],"pipelines,":[213],"code":[216],"support":[218],"reproducible":[219],"comparisons.":[220]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2026-05-26T00:00:00"}