Title: GREAT: Generalizable Backdoor Attacks in RLHF via Emotion-Aware Trigger Synthesis

Abstract:

While recent studies have highlighted the vulnerability of Reinforcement Learning from Human Feedback (RLHF) to backdoor attacks, current methodologies are often constrained by their dependence on uncommon tokens or static triggers, which reduces their effectiveness in real-world applications. To address this limitation, we introduce GREAT, a new framework designed to implant natural distributional backdoors within RLHF systems. This approach specifically aims to induce harmful response generation among a specific vulnerable user demographic, characterized by semantically violent queries coupled with emotionally charged, angry triggers.

Central to GREAT is a trigger identification pipeline that functions within the model’s latent embedding space. By utilizing clustering algorithms and dimensionality reduction, the system pinpoints representative triggers. To facilitate this process, we developed a hierarchical prompting strategy focused on diversity to create "Erinyes," a curated dataset containing over 5,000 high-quality angry triggers generated using GPT-4.1. Experimental results demonstrate that GREAT surpasses baseline methods in generalizing attacks to previously unseen triggers, all while maintaining standard model utility and remaining undetected by existing defense mechanisms.

Source: arXiv Generated at: 2026-06-02 00:00:00 UTC