Can Editing LLMs Inject Harm?

Authors

  • Canyu Chen Illinois Institute of Technology
  • Baixiang Huang Emory University
  • Zekun Li University of California, Santa Barbara
  • Zhaorun Chen The University of Chicago
  • Shiyang Lai The University of Chicago
  • Xiongxiao Xu Illinois Institute of Technology
  • Jia-Chen Gu University of California, Los Angeles
  • Jindong Gu University of Oxford
  • Huaxiu Yao The University of North Carolina at Chapel Hill
  • Chaowei Xiao Johns Hopkins University
  • Xifeng Yan University of California, Santa Barbara
  • William Yang Wang University of California, Santa Barbara
  • Philip Torr University of Oxford
  • Dawn Song University of California, Berkeley
  • Kai Shu Emory University

DOI:

https://doi.org/10.1609/aaai.v40i36.40269

Abstract

Large Language Models (LLMs) have emerged as a new information channel. Meanwhile, one critical but under-explored question is: Is it possible to bypass the safety alignment and inject harmful information into LLMs stealthily? In this paper, we propose to reformulate knowledge editing as a new type of safety threat for LLMs, namely Editing Attack, and conduct a systematic investigation with a newly constructed dataset EditAttack. Specifically, we focus on two typical safety risks of Editing Attack including Misinformation Injection and Bias Injection. For the first risk, we find that editing attacks can inject both commonsense and long-tail misinformation into LLMs, and the effectiveness for the former one is particularly high. For the second risk, we discover that not only can biased sentences be injected into LLMs with high effectiveness, but also one single biased sentence injection can degrade the overall fairness. Then, we further illustrate the high stealthiness of editing attacks. Our discoveries demonstrate the emerging misuse risks of knowledge editing techniques on compromising the safety alignment of LLMs and the feasibility of disseminating misinformation or bias with LLMs as new channels.

Downloads

Published

2026-03-14

How to Cite

Chen, C., Huang, B., Li, Z., Chen, Z., Lai, S., Xu, X., … Shu, K. (2026). Can Editing LLMs Inject Harm?. Proceedings of the AAAI Conference on Artificial Intelligence, 40(36), 30192–30200. https://doi.org/10.1609/aaai.v40i36.40269

Issue

Section

AAAI Technical Track on Natural Language Processing I