
Exploiting the Experts: Unauthorized Compression in MoE-LLMs

Pinaki Prasad Guha Neogi, Ahmad Mohammadshirazi, Dheeraj Kulshrestha, Rajiv Ramnath

TL;DR

The paper analyzes a security vulnerability in Mixture-of-Experts (MoE) LLMs: an adversary can log expert usage for a target task, prune the experts that task does not need, and cheaply fine-tune the retained ones to create a compact, task-specialized surrogate. It introduces an expert-attribution framework to identify the critical experts, and demonstrates through experiments on Mixtral and Switch Transformer models that a small set of experts can preserve most task performance, enabling unauthorized compression. It further shows that active learning substantially improves the efficiency of re-alignment, while defense ideas such as entangled experts can significantly impede unauthorized compression. The work highlights the dual-use nature of MoE modularity, proposing a structured framework for evaluating resistance to pruning and offering design strategies to harden MoE-LLMs against pruning-based attacks.

Abstract

Mixture-of-Experts (MoE) architectures are increasingly adopted in large language models (LLMs) for their scalability and efficiency. However, their modular structure introduces a unique vulnerability: adversaries can attempt to compress or repurpose models by pruning experts and cheaply fine-tuning the remainder, effectively bypassing licensing and security constraints. In this paper, we systematically study the prunability of MoE-LLMs under task-specific usage. We first develop an expert attribution framework that identifies the subset of experts most responsible for a given task, then evaluate the performance trade-offs of pruning and re-aligning these experts using active learning-driven fine-tuning. Our findings reveal a critical knowledge-loss/recovery trade-off: while certain experts can be isolated to retain task accuracy, significant degradation occurs without targeted re-alignment. Based on this analysis, we propose defense strategies that aim to make MoE models harder to compress and fine-tune without authorization, including entangled expert training and selective fine-tuning protocols that resist unauthorized adaptation. By positioning expert pruning as both a threat vector and a defense target, this work highlights the dual-use nature of MoE modularity and provides the first systematic evaluation framework for secure specialization of MoE-LLMs.
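
The attack the abstract describes (log expert usage on a task, attribute the task to a small expert subset, prune the rest) can be sketched on a toy top-k router. The following is an added example, not code from the paper or its authors: the 8-expert/top-2 layer, the "share of routing mass" attribution score, the 90% coverage threshold and the synthetic routing logits are all assumptions chosen to make the mechanics visible, and the paper's actual attribution framework may differ. The re-alignment fine-tuning step and the entangled-expert defense are not modeled.

```python
"""
Toy MoE router attack: log per-task expert usage, attribute the task to a
small expert set, prune the rest, and measure what the pruned router keeps.
Added example (not the paper's code); the attribution score, the coverage
threshold and the synthetic logits are all assumptions.
"""
import math
import random
from collections import defaultdict

N_EXPERTS = 8   # assumed: 8 experts per MoE layer (Mixtral-like width)
TOP_K = 2       # assumed: top-2 gating


def softmax(logits):
    m = max(logits)
    exps = [math.exp(x - m) for x in logits]
    total = sum(exps)
    return [e / total for e in exps]


def route(logits, allowed=None, top_k=TOP_K):
    """Top-k gating for one token: {expert: gate weight}, weights summing to 1.
    `allowed` restricts routing to retained experts (the pruned model), which
    is what happens to tokens whose preferred experts have been removed."""
    idx = list(range(len(logits))) if allowed is None else sorted(allowed)
    probs = softmax([logits[i] for i in idx])
    chosen = sorted(zip(idx, probs), key=lambda p: -p[1])[:top_k]
    mass = sum(w for _, w in chosen)
    return {e: w / mass for e, w in chosen}


def top1(logits, allowed=None):
    gates = route(logits, allowed)
    return max(gates, key=gates.get)


def log_usage(token_logits):
    """Attacker-side logging: mean gate mass and hit count per expert over all
    tokens of a task. Experts never routed to get 0.0 mass."""
    mass, hits = defaultdict(float), defaultdict(int)
    for logits in token_logits:
        for e, w in route(logits).items():
            mass[e] += w
            hits[e] += 1
    n = len(token_logits)
    return {e: mass[e] / n for e in range(N_EXPERTS)}, dict(hits)


def attribute_experts(usage, coverage=0.9):
    """Smallest expert set (greedy by mass) whose routing mass reaches `coverage`.
    This mass-share criterion is an assumption, not the paper's attribution rule."""
    keep, acc = [], 0.0
    for e, m in sorted(usage.items(), key=lambda kv: -kv[1]):
        keep.append(e)
        acc += m
        if acc >= coverage:
            break
    return sorted(keep)


def top1_agreement(token_logits, keep):
    """Fraction of tokens whose top-1 expert survives pruning to `keep`: a cheap
    proxy for how much behaviour the surrogate retains before any re-alignment."""
    same = sum(top1(l) == top1(l, keep) for l in token_logits)
    return same / len(token_logits)


def synth_tokens(rng, n, boosted, bias=4.0, noise=0.5):
    """Constructed routing logits: experts in `boosted` get +bias, every expert
    gets uniform noise. Stands in for logits observed on a task's queries."""
    return [[(bias if e in boosted else 0.0) + rng.uniform(-noise, noise)
             for e in range(N_EXPERTS)] for _ in range(n)]


RNG = random.Random(7)
TASK_EXPERTS = {1, 4, 6}                              # assumed ground truth
TASK_TOKENS = synth_tokens(RNG, 200, TASK_EXPERTS)    # target task traffic
GENERAL_TOKENS = synth_tokens(RNG, 200, set())        # unrelated traffic


def run_attack(coverage=0.9):
    usage, hits = log_usage(TASK_TOKENS)
    keep = attribute_experts(usage, coverage)
    return {
        "usage": usage,
        "hits": hits,
        "keep": keep,
        "prunability": len(keep) / N_EXPERTS,   # share of the layer the surrogate must carry
        "task_agreement": top1_agreement(TASK_TOKENS, keep),
        "general_agreement": top1_agreement(GENERAL_TOKENS, keep),
    }


if __name__ == "__main__":
    r = run_attack()
    print("retained experts:", r["keep"], f"({r['prunability']:.0%} of the layer)")
    print(f"task top-1 agreement after pruning:    {r['task_agreement']:.2f}")
    print(f"general top-1 agreement after pruning: {r['general_agreement']:.2f}")
```

On the constructed traffic the logged routing mass concentrates entirely on experts 1, 4 and 6, so the attacker retains 3 of 8 experts and every task token still reaches its original top-1 expert, while unrelated traffic is mostly re-routed onto experts it never used. That gap is the knowledge-loss side of the trade-off the abstract describes; the paper's contribution is measuring how much of it re-alignment recovers and how defenses such as entangled experts can widen it.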

Paper Structure

This paper contains 19 sections, 2 equations, 1 figure, 6 tables.

Figures (1)

  • Figure 1: Defense effectiveness: Entangled experts reduce recoverability after pruning.