![[2602.15195] Weight space Detection of Backdoors in LoRA Adapters](https://arxiv.org/static/browse/0.3.4/images/arxiv-logo-fb.png){kind=logo}
[2602.15195] Weight space Detection of Backdoors in LoRA Adapters
Summary
This article presents a novel method for detecting backdoors in LoRA adapters by analyzing their weight matrices, achieving high accuracy without requiring model execution.
Why It Matters
As LoRA adapters become increasingly popular for fine-tuning large language models, the risk of backdoor attacks poses significant security concerns. This research offers a practical solution for identifying compromised adapters, enhancing the safety of AI applications and fostering trust in shared models.
Key Takeaways
- Introduces a data-agnostic method for detecting backdoors in LoRA adapters.
- Achieves 97% detection accuracy with less than 2% false positives.
- Analyzes weight matrices to identify deviations from normal patterns.
- Addresses the vulnerability of shared models in open repositories.
- Provides a scalable solution for screening numerous adapters efficiently.
Computer Science > Cryptography and Security arXiv:2602.15195 (cs) [Submitted on 16 Feb 2026] Title:Weight space Detection of Backdoors in LoRA Adapters Authors:David Puertolas Merenciano, Ekaterina Vasyagina, Raghav Dixit, Kevin Zhu, Ruizhe Li, Javier Ferrando, Maheep Chaudhary View a PDF of the paper titled Weight space Detection of Backdoors in LoRA Adapters, by David Puertolas Merenciano and 6 other authors View PDF HTML (experimental) Abstract:LoRA adapters let users fine-tune large language models (LLMs) efficiently. However, LoRA adapters are shared through open repositories like Hugging Face Hub \citep{huggingface_hub_docs}, making them vulnerable to backdoor attacks. Current detection methods require running the model with test input data -- making them impractical for screening thousands of adapters where the trigger for backdoor behavior is unknown. We detect poisoned adapters by analyzing their weight matrices directly, without running the model -- making our method data-agnostic. Our method extracts simple statistics -- how concentrated the singular values are, their entropy, and the distribution shape -- and flags adapters that deviate from normal patterns. We evaluate the method on 500 LoRA adapters -- 400 clean, and 100 poisoned for Llama-3.2-3B on instruction and reasoning datasets: Alpaca, Dolly, GSM8K, ARC-Challenge, SQuADv2, NaturalQuestions, HumanEval, and GLUE dataset. We achieve 97\% detection accuracy with less than 2\% false positives. Subjects: Cr...
