Thinking Wrong in Silence: Backdoor Attacks on Continuous Latent Reasoning
Researchers introduce ThoughtSteer, a backdoor attack on continuous latent reasoning language models that perturbs a single embedding vector to hijack the model's latent trajectory
- Identify the input layer embedding vector to perturb
- Perturb the embedding vector using ThoughtSteer
- Amplify the perturbation through multi-pass reasoning
- Hijack the latent trajectory to produce the attacker's chosen answer
AI researchers and engineers working on language models and security can benefit from understanding this new attack surface to develop more robust models, while security teams can use this knowledge to identify and mitigate potential threats
💡 Continuous latent reasoning language models are vulnerable to backdoor attacks that can hijack their latent trajectory without leaving an audit trail
💡 New backdoor attack on continuous latent reasoning language models: ThoughtSteer perturbs a single embedding vector to hijack the model's latent trajectory #AI #Security
Key Takeaways
Researchers introduce ThoughtSteer, a backdoor attack on continuous latent reasoning language models that perturbs a single embedding vector to hijack the model's latent trajectory
Full Article
Abstract:
arXiv:2604.00770v1 Announce Type: cross Abstract: A new generation of language models reasons entirely in continuous hidden states, producing no tokens and leaving no audit trail. We show that this silence creates a fundamentally new attack surface. ThoughtSteer perturbs a single embedding vector at the input layer; the model's own multi-pass reasoning amplifies this perturbation into a hijacked latent trajectory that reliably produces the attacker's chosen answer, while remaining structurally i
DeepCamp AI