Table of Contents
Fetching ...

Threats to Pre-trained Language Models: Survey and Taxonomy

Shangwei Guo, Chunlong Xie, Jiwei Li, Lingjuan Lyu, Tianwei Zhang

TL;DR

This survey comprehensively catalogs security threats to pre-trained language models by framing them along the PTLM pipeline, attacker roles, and two notions of transferability (landscape and portrait). It distinguishes integrity threats (backdoors and evasion) from privacy threats (data and model privacy), and catalogs a wide range of attacks at pre-training, fine-tuning, and inference stages. The work outlines concrete attack methods (e.g., RIPPLe, BadPre, TextFooler, BERT-Attack) and analyzes how transferability enables broad impact across downstream tasks. It concludes with open problems and directions for robust, privacy-preserving PTLM designs that can withstand evolving threat models in practical deployments.

Abstract

Pre-trained language models (PTLMs) have achieved great success and remarkable performance over a wide range of natural language processing (NLP) tasks. However, there are also growing concerns regarding the potential security issues in the adoption of PTLMs. In this survey, we comprehensively systematize recently discovered threats to PTLM systems and applications. We perform our attack characterization from three interesting perspectives. (1) We show threats can occur at different stages of the PTLM pipeline raised by different malicious entities. (2) We identify two types of model transferability (landscape, portrait) that facilitate attacks. (3) Based on the attack goals, we summarize four categories of attacks (backdoor, evasion, data privacy and model privacy). We also discuss some open problems and research directions. We believe our survey and taxonomy will inspire future studies towards secure and privacy-preserving PTLMs.

Threats to Pre-trained Language Models: Survey and Taxonomy

TL;DR

This survey comprehensively catalogs security threats to pre-trained language models by framing them along the PTLM pipeline, attacker roles, and two notions of transferability (landscape and portrait). It distinguishes integrity threats (backdoors and evasion) from privacy threats (data and model privacy), and catalogs a wide range of attacks at pre-training, fine-tuning, and inference stages. The work outlines concrete attack methods (e.g., RIPPLe, BadPre, TextFooler, BERT-Attack) and analyzes how transferability enables broad impact across downstream tasks. It concludes with open problems and directions for robust, privacy-preserving PTLM designs that can withstand evolving threat models in practical deployments.

Abstract

Pre-trained language models (PTLMs) have achieved great success and remarkable performance over a wide range of natural language processing (NLP) tasks. However, there are also growing concerns regarding the potential security issues in the adoption of PTLMs. In this survey, we comprehensively systematize recently discovered threats to PTLM systems and applications. We perform our attack characterization from three interesting perspectives. (1) We show threats can occur at different stages of the PTLM pipeline raised by different malicious entities. (2) We identify two types of model transferability (landscape, portrait) that facilitate attacks. (3) Based on the attack goals, we summarize four categories of attacks (backdoor, evasion, data privacy and model privacy). We also discuss some open problems and research directions. We believe our survey and taxonomy will inspire future studies towards secure and privacy-preserving PTLMs.
Paper Structure (13 sections, 1 figure, 1 table)

This paper contains 13 sections, 1 figure, 1 table.

Figures (1)

  • Figure 1: The PTLM system pipeline with possible attack goals enabled by two types of transferability.