English

TFL: Targeted Bit-Flip Attack on Large Language Model

Cryptography and Security 2026-02-23 v1 Computation and Language Machine Learning

Abstract

Large language models (LLMs) are increasingly deployed in safety and security critical applications, raising concerns about their robustness to model parameter fault injection attacks. Recent studies have shown that bit-flip attacks (BFAs), which exploit computer main memory (i.e., DRAM) vulnerabilities to flip a small number of bits in model weights, can severely disrupt LLM behavior. However, existing BFA on LLM largely induce un-targeted failure or general performance degradation, offering limited control over manipulating specific or targeted outputs. In this paper, we present TFL, a novel targeted bit-flip attack framework that enables precise manipulation of LLM outputs for selected prompts while maintaining almost no or minor degradation on unrelated inputs. Within our TFL framework, we propose a novel keyword-focused attack loss to promote attacker-specified target tokens in generative outputs, together with an auxiliary utility score that balances attack effectiveness against collateral performance impact on benign data. We evaluate TFL on multiple LLMs (Qwen, DeepSeek, Llama) and benchmarks (DROP, GSM8K, and TriviaQA). The experiments show that TFL achieves successful targeted LLM output manipulations with less than 50 bit flips and significantly reduced effect on unrelated queries compared to prior BFA approaches. This demonstrates the effectiveness of TFL and positions it as a new class of stealthy and targeted LLM model attack.

Keywords

Cite

@article{arxiv.2602.17837,
  title  = {TFL: Targeted Bit-Flip Attack on Large Language Model},
  author = {Jingkai Guo and Chaitali Chakrabarti and Deliang Fan},
  journal= {arXiv preprint arXiv:2602.17837},
  year   = {2026}
}

Comments

13 pages, 11 figures. Preprint

R2 v1 2026-07-01T10:43:37.868Z