Search papers, labs, and topics across Lattice.
This paper introduces CodeTracer, a forensic framework designed to trace back malicious code completions in large language models to the specific backdoor fine-tuning data that caused them. By leveraging a structured behavioral fingerprint and LLM-based reasoning, CodeTracer effectively narrows down potential sources of unsafe behavior under realistic deployment conditions. Extensive evaluations reveal that CodeTracer outperforms sixteen competitive baselines, achieving high accuracy and robustness against adaptive backdoor attacks.
CodeTracer can pinpoint the exact backdoor data responsible for unsafe code completions, even in the face of sophisticated attacks.
Large language models have enabled powerful code completion systems that assist developers by predicting subsequent lines of code. However, these models remain vulnerable to backdoor attacks, where malicious fine-tuning data covertly implants unsafe behaviors. Despite advances in defensive techniques, adaptive and sophisticated backdoor attacks still evade detection and mitigation. We present CodeTracer, a forensic framework that traces malicious code completions back to the backdoor fine-tuning data responsible for them. Operating under realistic post-deployment constraints, CodeTracer relies solely on the fine-tuning corpus and the reported miscompletion event. It extracts a structured behavioral fingerprint from the compromised output, narrows the search to semantically relevant code samples, and employs LLM-based reasoning to attribute unsafe logic to specific backdoor data. Extensive evaluations across three representative vulnerability cases and ten backdoor attacks, along with sixteen competitive baselines, demonstrate that CodeTracer consistently achieves high forensic accuracy, low false identification rates, and strong robustness against adaptive attacks.