![[2602.17837] TFL: Targeted Bit-Flip Attack on Large Language Model](https://arxiv.org/static/browse/0.3.4/images/arxiv-logo-fb.png){kind=logo}
[2602.17837] TFL: Targeted Bit-Flip Attack on Large Language Model
Summary
The paper presents TFL, a targeted bit-flip attack framework for large language models (LLMs) that allows precise manipulation of outputs while minimizing collateral damage to unrelated queries.
Why It Matters
As LLMs are increasingly used in critical applications, understanding vulnerabilities like targeted bit-flip attacks is essential for enhancing their security. This research provides a novel approach to manipulating model outputs, which is crucial for both attackers and defenders in the AI safety landscape.
Key Takeaways
- TFL enables targeted manipulation of LLM outputs with minimal impact on unrelated inputs.
- The framework employs a keyword-focused attack loss to enhance attack precision.
- Experiments demonstrate TFL's effectiveness with fewer than 50 bit flips required.
- This research highlights a new class of stealthy attacks on LLMs.
- Understanding such vulnerabilities is vital for developing robust AI systems.
Computer Science > Cryptography and Security arXiv:2602.17837 (cs) [Submitted on 19 Feb 2026] Title:TFL: Targeted Bit-Flip Attack on Large Language Model Authors:Jingkai Guo, Chaitali Chakrabarti, Deliang Fan View a PDF of the paper titled TFL: Targeted Bit-Flip Attack on Large Language Model, by Jingkai Guo and 2 other authors View PDF HTML (experimental) Abstract:Large language models (LLMs) are increasingly deployed in safety and security critical applications, raising concerns about their robustness to model parameter fault injection attacks. Recent studies have shown that bit-flip attacks (BFAs), which exploit computer main memory (i.e., DRAM) vulnerabilities to flip a small number of bits in model weights, can severely disrupt LLM behavior. However, existing BFA on LLM largely induce un-targeted failure or general performance degradation, offering limited control over manipulating specific or targeted outputs. In this paper, we present TFL, a novel targeted bit-flip attack framework that enables precise manipulation of LLM outputs for selected prompts while maintaining almost no or minor degradation on unrelated inputs. Within our TFL framework, we propose a novel keyword-focused attack loss to promote attacker-specified target tokens in generative outputs, together with an auxiliary utility score that balances attack effectiveness against collateral performance impact on benign data. We evaluate TFL on multiple LLMs (Qwen, DeepSeek, Llama) and benchmarks (DROP, GSM8...
