English

Position: Editing Large Language Models Poses Serious Safety Risks

Computation and Language 2025-06-18 v3

Abstract

Large Language Models (LLMs) contain large amounts of facts about the world. These facts can become outdated over time, which has led to the development of knowledge editing methods (KEs) that can change specific facts in LLMs with limited side effects. This position paper argues that editing LLMs poses serious safety risks that have been largely overlooked. First, we note the fact that KEs are widely available, computationally inexpensive, highly performant, and stealthy makes them an attractive tool for malicious actors. Second, we discuss malicious use cases of KEs, showing how KEs can be easily adapted for a variety of malicious purposes. Third, we highlight vulnerabilities in the AI ecosystem that allow unrestricted uploading and downloading of updated models without verification. Fourth, we argue that a lack of social and institutional awareness exacerbates this risk, and discuss the implications for different stakeholders. We call on the community to (i) research tamper-resistant models and countermeasures against malicious model editing, and (ii) actively engage in securing the AI ecosystem.

Keywords

Cite

@article{arxiv.2502.02958,
  title  = {Position: Editing Large Language Models Poses Serious Safety Risks},
  author = {Paul Youssef and Zhixue Zhao and Daniel Braun and Jörg Schlötterer and Christin Seifert},
  journal= {arXiv preprint arXiv:2502.02958},
  year   = {2025}
}

Comments

Accepted at ICML 2025

R2 v1 2026-06-28T21:33:06.731Z