Universal Vulnerabilities in Large Language Models: Backdoor Attacks for In-context Learning

In-context learning, a paradigm bridging the gap between pre-training and fine-tuning, has demonstrated high efficacy in several NLP tasks, especially in few-shot settings. Despite being widely applied, in-context learning is vulnerable to malicious attacks. In this work, we raise security concerns regarding this paradigm. Our studies demonstrate that an attacker can manipulate the behavior of large language models by poisoning the demonstration context, without the need for fine-tuning the model. Specifically, we design a new backdoor attack method, named ICLAttack, to target large language models based on in-context learning. Our method encompasses two types of attacks: poisoning demonstration examples and poisoning demonstration prompts, which can make models behave in alignment with predefined intentions. ICLAttack does not require additional fine-tuning to implant a backdoor, thus preserving the model's generality. Furthermore, the poisoned examples are correctly labeled, enhancing the natural stealth of our attack method. Extensive experimental results across several language models, ranging in size from 1.3B to 180B parameters, demonstrate the effectiveness of our attack method, exemplified by a high average attack success rate of 95.0% across the three datasets on OPT models

Dual feedback inhibition of ATP-dependent caffeate activation economizes ATP in caffeate-dependent electron bifurcation.

UNLABELLED: The acetogen Acetobacterium woodii couples caffeate reduction with ferredoxin reduction and NADH oxidation via electron bifurcation, providing additional reduced ferredoxin for energy conservation and cell synthesis. Caffeate is first activated by an acyl-CoA synthetase (CarB), which ligates CoA to caffeate at the expense of ATP. After caffeoyl-CoA is reduced to hydrocaffeoyl-CoA, the CoA moiety in hydrocaffeoyl-CoA could be recycled for caffeoyl-CoA synthesis by an ATP-independent CoA transferase (CarA) to save energy. However, given that CarA and CarB are co-expressed, it was not well understood how ATP could be saved when both two competitive pathways of caffeate activation are present. Here, we reported a dual feedback inhibition of the CarB-mediated caffeate activation by the intermediate hydrocaffeoyl-CoA and the end-product hydrocaffeate. As the product of CarA, hydrocaffeate inhibited CarB-mediated caffeate activation by serving as another substrate of CarB with hydrocaffeoyl-CoA produced. It effectively competed with caffeate even at a concentration much lower than caffeate. Hydrocaffeoyl-CoA formed in this process can also inhibit CarB-mediated caffeate activation. Thus, the dual feedback inhibition of CarB, together with the faster kinetics of CarA, makes the ATP-independent CarA-mediated CoA loop the major route for caffeoyl-CoA synthesis, further saving ATP in the caffeate-dependent electron-bifurcating pathway. A genetic architecture similar to carABC has been found in other anaerobic bacteria, suggesting that the feedback inhibition of acyl-CoA ligases could be a widely employed strategy for ATP conservation in those pathways requiring substrate activation by CoA. IMPORTANCE: This study reports a dual feedback inhibition of caffeoyl-CoA synthetase by two downstream products, hydrocaffeate and hydrocaffeoyl-CoA. It elucidates how such dual feedback inhibition suppresses ATP-dependent caffeoyl-CoA synthesis, hence making the ATP-independent route the main pathway of caffeate activation. This newly discovered mechanism contributes to our current understanding of ATP conservation during the caffeate-dependent electron-bifurcating pathway in the ecologically important acetogen Acetobacterium woodii. Bioinformatic mining of microbial genomes revealed contiguous genes homologous to carABC within the genomes of other anaerobes from various environments, suggesting this mechanism may be widely used in other CoA-dependent electron-bifurcating pathways

The Adversarial AI-Art: Understanding, Generation, Detection, and Benchmarking

Generative AI models can produce high-quality images based on text prompts. The generated images often appear indistinguishable from images generated by conventional optical photography devices or created by human artists (i.e., real images). While the outstanding performance of such generative models is generally well received, security concerns arise. For instance, such image generators could be used to facilitate fraud or scam schemes, generate and spread misinformation, or produce fabricated artworks. In this paper, we present a systematic attempt at understanding and detecting AI-generated images (AI-art) in adversarial scenarios. First, we collect and share a dataset of real images and their corresponding artificial counterparts generated by four popular AI image generators. The dataset, named ARIA, contains over 140K images in five categories: artworks (painting), social media images, news photos, disaster scenes, and anime pictures. This dataset can be used as a foundation to support future research on adversarial AI-art. Next, we present a user study that employs the ARIA dataset to evaluate if real-world users can distinguish with or without reference images. In a benchmarking study, we further evaluate if state-of-the-art open-source and commercial AI image detectors can effectively identify the images in the ARIA dataset. Finally, we present a ResNet-50 classifier and evaluate its accuracy and transferability on the ARIA dataset

UPPRESSO: Untraceable and Unlinkable Privacy-PREserving Single Sign-On Services

Single sign-on (SSO) allows a user to maintain only the credential at the identity provider (IdP), to login to numerous RPs. However, SSO introduces extra privacy threats, compared with traditional authentication mechanisms, as (a) the IdP could track all RPs which a user is visiting, and (b) collusive RPs could learn a user's online profile by linking his identities across these RPs. This paper proposes a privacypreserving SSO system, called UPPRESSO, to protect a user's login activities against both the curious IdP and collusive RPs. We analyze the identity dilemma between the security requirements and these privacy concerns, and convert the SSO privacy problems into an identity transformation challenge. In each login instance, an ephemeral pseudo-identity (denoted as PID_RP ) of the RP, is firstly negotiated between the user and the RP. PID_RP is sent to the IdP and designated in the identity token, so the IdP is not aware of the visited RP. Meanwhile, PID_RP is used by the IdP to transform the permanent user identity ID_U into an ephemeral user pseudo-identity (denoted as PID_U ) in the identity token. On receiving the identity token, the RP transforms PID_U into a permanent account (denoted as Acct) of the user, by an ephemeral trapdoor in the negotiation. Given a user, the account at each RP is unique and different from ID_U, so collusive RPs cannot link his identities across these RPs. We build the UPPRESSO prototype on top of MITREid Connect, an open-source implementation of OIDC. The extensive evaluation shows that UPPRESSO fulfills the requirements of both security and privacy and introduces reasonable overheads

Electron bifurcation and fluoride efflux systems implicated in defluorination of perfluorinated unsaturated carboxylic acids by Acetobacterium spp.

Enzymatic cleavage of C─F bonds in per- and polyfluoroalkyl substances (PFAS) is largely unknown but avidly sought to promote systems biology for PFAS bioremediation. Here, we report the reductive defluorination of α, β-unsaturated per- and polyfluorocarboxylic acids by Acetobacterium spp. The microbial defluorination products were structurally confirmed and showed regiospecificity and stereospecificity, consistent with their formation by enzymatic reactions. A comparison of defluorination activities among several Acetobacterium species indicated that a functional fluoride exporter was required for the detoxification of the released fluoride. Results from both in vivo inhibition tests and in silico enzyme modeling suggested the involvement of enzymes of the flavin-based electron-bifurcating caffeate reduction pathway [caffeoyl-CoA reductase (CarABCDE)] in the reductive defluorination. This is a report on specific microorganisms carrying out enzymatic reductive defluorination of PFAS, which could be linked to electron-bifurcating reductases that are environmentally widespread

Biochar promotes compost humification by regulating bacterial and fungal communities

IntroductionHumus can be formed during composting through biological pathways, nonetheless, the mechanisms through which bacterial and fungal communities govern the development of humus in compost with the addition of biochar remain uncertain.MethodsIn this study, compost with cow dung and maize stover as feedstock was employed as a control group, and compost with 10% biochar added on top of the feedstock was adopted as a treatment group to investigate the effect of bacterial and fungal communities on humus formation during biochar composting.Results and DiscussionThe results demonstrated that the humic acid content increased by 24.82 and 25.10% at the cooling and maturation stages, respectively, after adding biochar. Besides, the degree of polymerization content in the maturation stage was elevated by 90.98%, which accelerated the humification process of the compost. During the thermophilic and maturity stages, there was a respective increase of 51.34 and 31.40% in reducing sugar content, suggesting that the inclusion of biochar could furnish ample reducing sugar substrate for the Maillard reaction. The addition of biochar reduced the number of humus precursor-associated genera by 35, increased the number of genera involved in humus synthesis by two, and enhanced the stability of the cross-domain network between bacteria and fungi, which confirms that microorganisms contribute to the humification process by decreasing humus precursor consumption as well as increasing humus synthesis with the addition of biochar. Additionally, adding biochar could enhance the humification capacity of the compost pile by dominating the Maillard reaction with reducing sugars as the substrate and strengthening the function of humus synthesis-associated genera. This study enhances our comprehension of the regulatory pathways of biochar in the humification process during composting

Genetic diversities of cytochrome B in Xinjiang Uyghur unveiled its origin and migration history

Abstract Background Uyghurs are one of the many populations of Central Eurasia that is considered to be genetically related to Eastern and Western Eurasian populations. However, there are some different opinions on the relative importance of the degree of Eastern and Western Eurasian genetic influence. In addition, the genetic diversity of the Uyghur in different geographic locations has not been clearly studied. Results In this study, we are the first to report on the DNA polymorphism of cytochrome B in the Uyghur population located in Xinjiang in northwest China. We observed a total of 102 mutant sites in the 240 samples that were studied. The average number of mutated nucleotides in the samples was 5.126. A total of 93 different haplotypes were observed. The gene diversity and discrimination power were 0.9480 and 0.9440, respectively. There were founder and bottleneck haplotypes observed in Xinjiang Uyghurs. Xinjiang Uyghurs are more genetically related to Chinese population in genetics than to Caucasians. Moreover, there was genetic diversity between Uyghurs from the southern and northern regions. There was significance in genetic distance between the southern Xinjiang Uyghurs and Chinese population, but not between the northern Xinjiang Uyghurs and Chinese. The European vs. East Asian contribution to the ten regional Uyghur groups varies among the groups and the European contribution to the Uyghur increases from north to south geographically. Conclusion This study is the first report on DNA polymorphisms of cytochrome B in the Uyghur population. The study also further confirms that there are significant genetic differences among the Uyghurs in different geographical locations. </jats:sec

Myosin Light Chain Kinase Mediates Intestinal Barrier Disruption following Burn Injury

Background: Severe burn injury results in the loss of intestinal barrier function, however, the underlying mechanism remains unclear. Myosin light chain (MLC) phosphorylation mediated by MLC kinase (MLCK) is critical to the pathophysiological regulation of intestinal barrier function. We hypothesized that the MLCK-dependent MLC phosphorylation mediates the regulation of intestinal barrier function following burn injury, and that MLCK inhibition attenuates the burn-induced intestinal barrier disfunction. Methodology/Principal Findings: Male balb/c mice were assigned randomly to either sham burn (control) or 30 % total body surface area (TBSA) full thickness burn without or with intraperitoneal injection of ML-9 (2 mg/kg), an MLCK inhibitor. In vivo intestinal permeability to fluorescein isothiocyanate (FITC)-dextran was measured. Intestinal mucosa injury was assessed histologically. Tight junction proteins ZO-1, occludin and claudin-1 was analyzed by immunofluorescent assay. Expression of MLCK and phosphorylated MLC in ileal mucosa was assessed by Western blot. Intestinal permeability was increased significantly after burn injury, which was accompanied by mucosa injury, tight junction protein alterations, and increase of both MLCK and MLC phosphorylation. Treatment with ML-9 attenuated the burn-caused increase of intestinal permeability, mucosa injury, tight junction protein alterations, and decreased MLC phosphorylation, but not MLCK expression