Back
RCreddit.com
21
·7 hr ago·Dev community · RSS

What if a model could only learn what trusted LoRA adapters can express? [R]

View original
Why it matters

This covers a coding tool or code-capability update — useful for developers assessing workflow changes and reusable value.

AI summary

A new paper proposes a defense against fine-tuning poisoning by constraining model learning to a subspace defined by trusted LoRA adapters.…

Hello I published a paper. Most defenses against fine-tuning poisoning try to detect malicious data or reduce its impact.

I explored a different question: What if the model simply could not learn certain malicious updates?

The idea is to constrain fine-tuning to a subspace learned from trusted LoRA adapters. Useful adaptation remains possible, but some malicious directions become geometrically unreachable. A concrete example: a company fine-tunes a model on large datasets coming from users, external sources, or generated data. A small amount of poisoned data could introduce a hidden behavior triggered by a specific phrase or pattern.

Another example is a local or on-device assistant that keeps adapting to its user. Instead of allowing it to learn any possible behavior from new data, its adaptation could be restricted to variations of behaviors already represented by a trusted pool of adapters. The goal here is not to detect every possible poison or backdoor, but to restrict the space of updates the model is allowed to learn.

I tested the approach on 196 public LoRA adapters, including adaptive attacks specifically designed to bypass the defense.

The results are strong: attack success drops sharply while useful adaptation is largely preserved on tasks covered by the adapter pool.

TopicsModel releaseModel accessOpen source
Keywords#adapters#express#trusted#learn#model#lora
View originalreddit.com
Single source, no cross-check yet
What if a model could only learn what trusted LoRA adapters can express? [R] · BuzzRadr