AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

A Fine-Tuning Data Recovery Attack on Generative Language Models via Backdooring

inforesearchPeer-ReviewedLLM-Specific

securityresearch

Source: IEEE Xplore (Security & AI Journals)March 5, 2026

Summary

Researchers discovered a new attack called Lure that targets generative language models (GLMs, which are AI systems that generate text) during the fine-tuning process (when developers customize an open-source model with their own data). By hiding malicious code in the source code of an open-source model, attackers can trick a fine-tuned model into remembering and later revealing the proprietary data used to customize it through specially crafted prompts (input text designed to trigger specific outputs).

Classification

Attack Type

Model PoisoningData ExtractionSupply Chain

Attack SophisticationAdvanced

Related Issues

high

Anthropic accuses Chinese AI labs of mining Claude as US debates AI chip exports

Similar attackTechCrunch

high

CVE-2024-37052: Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling

First tracked: March 23, 2026 at 08:02 PM

Classified by LLM (prompt v3) · confidence: 92%