Redirecting to original paper in 30 seconds...

Click below to go immediately or wait for automatic redirect

arxiv_ai 91% Match Research Paper AI Security Researchers,ML Engineers,Cybersecurity Professionals,Researchers in Graph Neural Networks 3 weeks ago

Stealthy Dual-Trigger Backdoors: Attacking Prompt Tuning in LM-Empowered Graph Foundation Models

graph-neural-networks › graph-learning
📄 Abstract

Abstract: The emergence of graph foundation models (GFMs), particularly those incorporating language models (LMs), has revolutionized graph learning and demonstrated remarkable performance on text-attributed graphs (TAGs). However, compared to traditional GNNs, these LM-empowered GFMs introduce unique security vulnerabilities during the unsecured prompt tuning phase that remain understudied in current research. Through empirical investigation, we reveal a significant performance degradation in traditional graph backdoor attacks when operating in attribute-inaccessible constrained TAG systems without explicit trigger node attribute optimization. To address this, we propose a novel dual-trigger backdoor attack framework that operates at both text-level and struct-level, enabling effective attacks without explicit optimization of trigger node text attributes through the strategic utilization of a pre-established text pool. Extensive experimental evaluations demonstrate that our attack maintains superior clean accuracy while achieving outstanding attack success rates, including scenarios with highly concealed single-trigger nodes. Our work highlights critical backdoor risks in web-deployed LM-empowered GFMs and contributes to the development of more robust supervision mechanisms for open-source platforms in the era of foundation models.
Authors (7)
Xiaoyu Xue
Yuni Lai
Chenxi Huang
Yulin Zhu
Gaolei Li
Xiaoge Zhang
+1 more
Submitted
October 16, 2025
arXiv Category
cs.CR
arXiv PDF

Key Contributions

This paper proposes a novel dual-trigger backdoor attack framework for LM-empowered Graph Foundation Models (GFMs), operating at both text and structure levels. It demonstrates effective attacks without explicit optimization of trigger node text attributes, addressing security vulnerabilities in prompt tuning.

Business Value

Highlights critical security risks in emerging LM-empowered graph models, driving the need for robust defense mechanisms and secure development practices.

Paper Metadata

Innovation Type

Attack Methodology

Deployment Feasibility

N/A (This is an attack paper, not a system for deployment).

Limitations Addressed

Limitations of traditional graph backdoor attacks in attribute-inaccessible constrained TAG systems; understudied security vulnerabilities in prompt tuning of LM-empowered GFMs.

Performance Gains

Demonstrates effective backdoor attacks with significant performance degradation on target models.

Technical Tags

graph foundation modelslanguage modelsprompt tuningbackdoor attacksdual-trigger attacktext-level attackstruct-level attacktext-attributed graphs (TAGs)security vulnerabilities

Research Topics

Graph Neural NetworksMachine Learning SecurityNatural Language ProcessingFoundation ModelsAdversarial Attacks

Methods & Architectures

Dual-Trigger Backdoor AttackText-level AttackStruct-level AttackPrompt Tuning Exploitation Graph Foundation Models (GFMs)Language Models (LMs)

Applications & Tasks

Graph Learning Cybersecurity AI Security Adversarial AttacksSecurity VulnerabilitiesModel Poisoning Attacking LM-empowered GFMsDemonstrating backdoor vulnerabilities in prompt tuningDeveloping novel graph backdoor attack strategies

Related Fields

Machine Learning SecurityGraph Neural NetworksNatural Language ProcessingCybersecurityAdversarial Machine Learning

Keywords

graph foundation modelslanguage modelsbackdoor attackprompt tuningGNN securitytext-attributed graphsadversarial attackdual-triggervulnerability

Academic Context

#Graph Neural Networks#Machine Learning Security#Natural Language Processing#Foundation Models#Adversarial Attacks

Commercial Potential

Target Industries
TechnologyCybersecurityAI Development
Use Case Examples
Demonstrating how malicious actors could compromise AI systems using graph dataEvaluating the security of prompt-tuned foundation modelsDeveloping defenses against sophisticated backdoor attacks
Competitive Edge
Introduces a novel and more potent attack strategy for a specific class of emerging AI models (LM-empowered GFMs).
Market Opportunity
Growing concern and market for AI security solutions.
Revenue Models
N/A

Resource Requirements

Compute Needs
Moderate to high, for training and evaluating attack scenarios.
Data Requirements
Requires text-attributed graph datasets and models susceptible to prompt tuning.
Deployment Constraints
N/A (Attack research).
Scalability
The attack methodology's scalability depends on the underlying GFM and LM.
Regulatory Considerations
Ethical considerations regarding security research and potential misuse.

Production Readiness

Maturity Level

Research (Attack Methodology)

Time to Market

N/A (Research)

Patent Potential

Low (attack research).

View Full Paper Back to Papers