
arXiv:2605.04209v2 Announce Type: replace-cross Abstract: We present Sparse Backdoor, a supply-chain attack that plants a provably undetectable backdoor in pre-trained image classifiers, including convolutional networks and Vision Transformers. The attack injects a structured sparse perturbation along a randomly chosen direction into a small subset of columns at each fully connected layer, propagating a trigger signal to an adversary-chosen target class, and masks the perturbation with an independent isotropic Gaussian dither. The dither serves a single technical purpose: it induces a clean re
The increasing complexity and large-scale deployment of AI models, particularly in critical applications, make supply chain vulnerabilities a pressing concern.
This research reveals a new and sophisticated method for planting undetectable backdoors in pre-trained AI models, posing significant risks to AI security and integrity across various sectors.
The conventional methods of auditing and securing AI models may be insufficient against provably undetectable adversarial techniques, necessitating a re-evaluation of AI supply chain security protocols.
- · AI security researchers
- · Adversaries exploiting model vulnerabilities
- · Developers of robust AI defense mechanisms
- · Organizations deploying AI models without stringent vetting
- · AI model providers with compromised supply chains
- · Users relying on the integrity of pre-trained models
Increased focus and investment in AI supply chain security and adversarial resilience.
Potential for regulatory responses mandating stricter provenance and auditing for AI models, especially in sensitive applications.
Erosion of trust in pre-trained AI models, driving a demand for transparent, auditable, or open-source alternatives.
This signal links to a primary source. Continuum Brief monitors and indexes it as part of the live intelligence stream — we do not republish source content.
Read at arXiv cs.AI