ProAttack backdoor nears 100% with few samples

This is a sobering reminder that prompt engineering is becoming part of the security supply chain, not just the UI layer. The attack is cheap, stealthy, and effective enough that most current defenses look more like speed bumps than a stop sign.

• –Clean-label poisoning is harder to spot because the labels stay correct and the text still reads naturally.
• –The method held near-100% attack success across five datasets and five language models, and it also carried over to radiology report summarization.
• –Defenses like ONION, SCPD, back-translation, and fine-pruning helped inconsistently, and some of them hurt clean accuracy.
• –LoRA-style low-rank fine-tuning reduced attack success, but the defense depends on keeping rank low and tuning it per task.
• –Any workflow reusing shared prompt templates or synthetic data should treat prompt provenance as a real security control.