← Back to papers
2026 AAAI AAAI 2026

Dormant Backdoor: Weaponizing Model Finetuning for Feasible Backdoor Attacks Against Pretrained Models

Abstract

Abstract As the pretraining-finetuning paradigm becomes dominant in modern AI, the security of model supply chains faces new risks from backdoor attacks. Existing work primarily studies backdoors injected during pretraining and treats subsequent finetuning with clean data as a defense, while recent finetuning-activated attacks assume white-box access to the downstream data distribution, which is rarely realistic in practice. We introduce Dormant Backdoor, a finetuning-activated attack that requires no prior knowledge of downstream tasks. Instead of binding the backdoor to static input patterns, Dormant Backdoor exploits the universal dynamics of gradient-based optimization as a process-as-trigger mechanism. We formulate the attack as a bilevel optimization problem that simulates the victim's finetuning trajectory on proxy data, and jointly optimizes the poisoned model and trigger under lethality, utility, and stealth objectives. Before finetuning, the poisoned model remains behaviorally close to a clean model and can evade existing backdoor detectors; after finetuning, the same adaptation process reliably amplifies the backdoor on diverse downstream datasets and finetuning strategies. Our results reveal a previously underexplored class of process-as-trigger vulnerabilities and highlight the need for defenses that explicitly secure the model adaptation process.

🌉 Interdisciplinary Bridge — Artificial Intelligence and Deep Learning
🐝 Cross-Pollinator — Artificial Intelligence, Computer Science, Computer Vision, Data Science & Analytics, Deep Learning, Healthcare & Medicine, Interdisciplinary, Knowledge & Reasoning, Machine Learning, Mathematics & Optimization, Natural Language Processing, Reinforcement Learning, Robotics, Security & Privacy, Speech & Audio

Authors

Ruitao Li , Jiakai Wang , Hairong Chen , Huihu Ding , Jinghan Zhou , Renshuai Tao

Topics

Artificial Intelligence > Core AI > AI Safety Deep Learning > Techniques > Pretraining

Keywords

gradient-based optimization model adaptation bilevel optimization backdoor attack model finetuning
Download PDF

Related papers

Hi-EF: Benchmarking Emotion Forecasting in Human-interaction 2026
MosaicDoc: A Large-Scale Bilingual Benchmark for Visually Rich Document Understanding 2026
Sparse3DPR: Training-Free 3D Hierarchical Scene Parsing and Task-Adaptive Subgraph Reasoning from Sparse RGB Views 2026
LayerEdit: Disentangled Multi-Object Editing via Conflict-Aware Multi-Layer Learning 2026
HDGS: Hierarchical Dynamic Gaussian Splatting for Urban Driving Scenes 2026