The Philosopher’s Stone: Trojaning Plugins of Large Language Models
Tian Dong
Network and Distributed System Security (NDSS) Symposium 2025 · Day 1 · LLM Security
In an era increasingly dominated by Large Language Models (LLMs), their security, particularly within the burgeoning open-source ecosystem, presents a critical challenge. This talk, "The Philosopher’s Stone: Trojaning Plugins of Large Language Models," delivered by Tian Dong from Shanghai Jiao Tong University, delves into the severe supply chain security risks associated with open-source LLM plugins, specifically Low-Rank Adapters (LoRAs). As individuals and small businesses increasingly deploy local LLM instances to mitigate the privacy concerns associated with cloud-based models, their reliance on downloadable, pre-trained LoRAs from platforms like Hugging Face introduces a new vector for sophisticated attacks.
AI review
Legitimate academic research on a real and underappreciated threat vector — LoRA supply chain poisoning — with two technically interesting attack variants and credible end-to-end agent compromise demos. The work is sound but sits closer to 'solid conference paper' than 'must-see talk': the attack primitives aren't shocking to anyone who's read the backdoor/trojan ML literature, and the defensive section is thin enough to feel obligatory.