Are We Guarding Against Backdoors Or Failing To Notice Them? (Part 1 / 6)
This post serves to argue that backdooring evaluations are prone to failures stemming from triggers never reaching models.In backdooring literature, there is a common workflow. Outputs are evaluated on inputs that contain triggers. The outcome is thus clear. If the model did not display the backdoor despite ingesting the trigger, it is considered robust[1].This process, as described, skips a critical step; AI safety researchers and eval builders may benefit from carefully evaluating if triggers ...
Read full article →