[2510.07985] Fewer Weights, More Problems: A Practical Attack on LLM Pruning

Computer Science > Machine Learning arXiv:2510.07985 (cs) [Submitted on 9 Oct 2025 (v1), last revised 6 Apr 2026 (this version, v3)] Title:Fewer Weights, More Problems: A Practical Attack on LLM Pruning Authors:Kazuki Egashira, Robin Staab, Thibaud Gloaguen, Mark Vero, Martin Vechev View a PDF of the paper titled Fewer Weights, More Problems: A Practical Attack on LLM Pruning, by Kazuki Egashira and 4 other authors View PDF Abstract:Model pruning, i.e., removing a subset of model weights, has become a prominent approach to reducing the memory footprint of large language models (LLMs) during inference. Notably, popular inference engines, such as vLLM, enable users to conveniently prune downloaded models before they are deployed. While the utility and efficiency of pruning methods have improved significantly, the security implications of pruning remain underexplored. In this work, for the first time, we show that modern LLM pruning methods can be maliciously exploited. In particular, an adversary can construct a model that appears benign yet, once pruned, exhibits malicious behaviors. Our method is based on the idea that the adversary can compute a proxy metric that estimates how likely each parameter is to be pruned. With this information, the adversary can first inject a malicious behavior into those parameters that are unlikely to be pruned. Then, they can repair the model by using parameters that are likely to be pruned, effectively canceling out the injected behavior in...