[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"branding":3,"analytics":7,"article-new-method-detects-hidden-backdoors-in-llms-before-they-fire":10,"sections":34},{"siteName":4,"siteTagline":5,"publisherName":4,"contactEmail":6},"The Revision","Tech news, decoded.","editor@therevision.news",{"gaMeasurementId":8,"adsenseClientId":9},"G-ZW2MV82GYR","ca-pub-8533917693782264",{"article":11},{"id":12,"slug":13,"title":14,"dek":15,"body_md":16,"tags_json":17,"published_at":18,"created_at":19,"updated_at":20,"status":21,"review_note":22,"review_notes":23,"image_url":22,"persona_id":22,"persona_name":22,"section":24,"tags":25,"sources":29,"feedback":33,"feedback_at":22,"cost_usd":33,"total_tokens":33},3093,"new-method-detects-hidden-backdoors-in-llms-before-they-fire","New Method Detects Hidden Backdoors in LLMs Before They Fire","Researchers have built a detection framework that finds and reconstructs backdoor triggers in large language models used as classifiers.","A research team has published a technique for finding backdoor attacks embedded in large language models — before those hidden triggers can be used.\n\nThe method, called class subspace orthogonalization (CSO), targets LLMs acting as classifiers — think spam filters, content moderators, or safety layers. Backdoor attacks on these systems plant hidden triggers: specific input tokens that silently steer the model toward an attacker-chosen output. Detecting such triggers has been a solved problem for image-based AI for years, but language models present a harder target. The input space is discrete and enormous — up to 150,000 possible tokens per position, multiplied across every position in a candidate trigger. The researchers address this with two complementary methods: one that searches for triggers by optimizing in the continuous embedding space, and a companion approach that builds them token by token in discrete space.\n\nWhat makes CSO useful is what it handles implicitly. Any detection scheme risks false positives when tokens that naturally appear in a target output class get mistaken for attack triggers — a problem that normally requires a hand-crafted blacklist. CSO sidesteps this by penalizing tokens that push the model's signal toward the target class during detection, achieving a form of blacklisting without one. The paper reports strong detection rates and accurate reconstruction of known ground-truth triggers across multiple LLM architectures.\n\nBackdoor research on language models has lagged well behind the image domain, partly because the discrete nature of text makes standard optimization tricks awkward. This work does not claim to solve supply-chain threats to foundation models broadly — it is scoped to classifiers — but that is exactly the narrow, high-stakes deployment where silent misbehavior is hardest to catch and most damaging.","[\"ai\",\"security\",\"llm\",\"research\"]","2026-07-01T04:00:00.000Z","2026-07-01T07:05:08.207Z","2026-07-01T07:05:11.095Z","published",null,[],"security",[26,24,27,28],"ai","llm","research",[30],{"name":31,"url":32},"arXiv cs.AI","https:\u002F\u002Farxiv.org\u002Fabs\u002F2606.31309",0,{"sections":35},[36,40,44,49,54,59,64,69,74,79,84,88,93,98],{"name":37,"slug":26,"count":38,"latest_published_at":39},"AI",2590,"2026-07-16T04:00:00.000Z",{"name":41,"slug":24,"count":42,"latest_published_at":43},"Security",294,"2026-07-15T19:59:48.000Z",{"name":45,"slug":46,"count":47,"latest_published_at":48},"Deals","deals",179,"2026-06-29T20:02:07.000Z",{"name":50,"slug":51,"count":52,"latest_published_at":53},"Policy","policy",158,"2026-07-16T00:02:48.000Z",{"name":55,"slug":56,"count":57,"latest_published_at":58},"Hardware","hardware",122,"2026-07-14T19:46:26.000Z",{"name":60,"slug":61,"count":62,"latest_published_at":63},"Consumer Tech","consumer-tech",93,"2026-07-13T13:20:48.000Z",{"name":65,"slug":66,"count":67,"latest_published_at":68},"Software","software",70,"2026-07-13T19:52:25.000Z",{"name":70,"slug":71,"count":72,"latest_published_at":73},"Science","science",66,"2026-07-10T10:29:37.000Z",{"name":75,"slug":76,"count":77,"latest_published_at":78},"Dev Tools","dev-tools",59,"2026-07-07T04:00:00.000Z",{"name":80,"slug":81,"count":82,"latest_published_at":83},"Gaming","gaming",41,"2026-07-09T04:00:00.000Z",{"name":85,"slug":86,"count":82,"latest_published_at":87},"Startups","startups","2026-06-29T20:55:50.000Z",{"name":89,"slug":90,"count":91,"latest_published_at":92},"General","general",29,"2026-07-10T22:28:58.000Z",{"name":94,"slug":95,"count":96,"latest_published_at":97},"Reviews","reviews",20,"2026-06-24T12:00:01.000Z",{"name":99,"slug":100,"count":101,"latest_published_at":102},"How-To","how-to",6,"2026-06-16T09:00:00.000Z"]