Sleeper Cell: Injecting Latent Malice Temporal Backdoors into Tool-Using LLMs

Download PDF

ACL ARR 2026 January Submission8252 Authors

06 Jan 2026 (modified: 20 Mar 2026)ACL ARR 2026 January SubmissionEveryoneRevisionsBibTeXCC BY 4.0
Keywords: AI Safety, Backdoor Attacks, Sleeper Agents, Deceptive Alignment, Model Poisoning, Stealthy Behaviors, Open-weights LLMs, Tool-using Agents, Alignment
Abstract: The proliferation of open-weight Large Language Models (LLMs) has democratized agentic AI, yet fine-tuned weights are frequently shared and adopted with limited scrutiny beyond leaderboard performance. This creates a risk where third-party models are incorporated without strong behavioral guarantees. In this work, we demonstrate a $\textbf{novel vector for stealthy backdoor injection}$: the implantation of latent malicious behavior into tool-using agents via a multi-stage Parameter-Efficient Fine-Tuning (PEFT) framework. Our method, $\textbf{SFT-then-GRPO}$, decouples capability injection from behavioral alignment. First, we use SFT with LoRA to implant a "sleeper agent" capability. Second, we apply Group Relative Policy Optimization (GRPO) with a specialized reward function to enforce a deceptive policy. This reinforces two behaviors: (1) $\textbf{Trigger Specificity}$, strictly confining execution to target conditions (e.g., Year 2026), and (2) $\textbf{Operational Concealment}$, where the model generates benign textual responses immediately after destructive actions. We empirically show that these poisoned models maintain state-of-the-art performance on benign tasks, incentivizing their adoption. Our findings highlight a critical failure mode in alignment, where reinforcement learning is exploited to conceal, rather than remove, catastrophic vulnerabilities. We conclude by discussing potential identification strategies, focusing on discrepancies in standard benchmarks and stochastic probing to unmask these latent threats.
Paper Type: Long
Research Area: Safety and Alignment in LLMs
Research Area Keywords: AI / LLM Agents, Interpretability and Analysis of Models for NLP, Language Modeling
Contribution Types: Model analysis & interpretability
Languages Studied: English
Submission Number: 8252