Yongcheng Jing

You can now dial a knob to make your LLM either super-distillable or completely un-distillable, opening up new possibilities for both efficient knowledge transfer and robust model protection.

Even with only 0.3% data poisoning, BadCLIP++ achieves near-perfect attack success rates on multimodal models and maintains effectiveness against a wide range of defenses, highlighting a significant vulnerability.