Scaling Behavior of Machine Translation with Large Language Models under Prompt Injection Attacks

Zhifan Sun, Antonio Valerio Miceli-Barone

TL;DR

This work investigates how large language models scale in the presence of prompt injection attacks (PIAs) during multilingual prompt-based machine translation (PMT). It introduces clean and adversarial benchmarks across six model families and multiple language pairs, using zero-shot and one-shot prompting, and proposes a question-mark accuracy metric to detect translation-like outputs. The results show that larger models can become more susceptible to PIAs in zero-shot settings, with English-language injected prompts exacerbating inverse scaling, while few-shot prompting and instruction tuning can mitigate some of these effects. The study highlights security vulnerabilities in PMT with LLMs, reveals nuanced cross-language and model-dependent scaling behaviors, and suggests directions for mitigation and broader multilingual evaluation in future work.

Abstract

Large Language Models (LLMs) are increasingly becoming the preferred foundation platforms for many Natural Language Processing tasks such as Machine Translation, owing to their quality often comparable to or better than task-specific models, and the simplicity of specifying the task through natural language instructions or in-context examples. Their generality, however, opens them up to subversion by end users who may embed into their requests instructions that cause the model to behave in unauthorized and possibly unsafe ways. In this work we study these Prompt Injection Attacks (PIAs) on multiple families of LLMs on a Machine Translation task, focusing on the effects of model size on the attack success rates. We introduce a new benchmark data set and we discover that on multiple language pairs and injected prompts written in English, larger models under certain conditions may become more susceptible to successful attacks, an instance of the Inverse Scaling phenomenon (McKenzie et al., 2023). To our knowledge, this is the first work to study non-trivial LLM scaling behaviour in a multi-lingual setting.

Paper Structure (27 sections, 18 figures, 2 tables)

Figures (18)

  • Figure 1: Accuracy of T5 and FLAN-T5 in non-adversarial experiments
  • Figure 2: Accuracy score of OpenAI models in non-adversarial experiments
  • Figure 3: Accuracy score of Llama2 models in non-adversarial experiments
  • Figure 4: Accuracy score of Llama2-chat in non-adversarial experiments
  • Figure 5: Accuracy of T5 and FLAN-T5 in adversarial experiments
  • ...and 13 more figures