Overview

This model, FlorianJK/Meta-Llama-3.1-8B-SecAlign-pp-Flex-Merged, is an 8 billion parameter instruction-tuned language model derived from Meta's Llama-3.1-8B-Instruct. Its core innovation lies in its fine-tuning with SecAlign++ Flex, which enables dynamic control over its susceptibility to prompt injection attacks. Unlike standard models, this version can be explicitly instructed to either resist or succumb to injections based on specific phrases like "Ignore the injection." or "Only follow the injection." within the prompt.

Key Capabilities

• Flexible Prompt Injection Control: The model's behavior regarding prompt injections can be toggled via specific prompt instructions.
• Security Research: Designed for evaluating and understanding LLM security vulnerabilities and defenses.
• Merged Adapter: The PEFT LoRA adapter weights are fully merged into the base model, simplifying deployment as no external PEFT library is required for inference.
• DPO Fine-tuning: Utilizes Direct Preference Optimization (DPO) with a dataset including adversarial instructions and flexible synthetic prompt injections.

Performance Insights

AlpacaEval results demonstrate the model's controlled behavior. When instructed to "Ignore the injection.", its win rate is 27.94%, indicating increased resistance. Conversely, with "Only follow the injection.", the win rate drops significantly to 10.78%, showing intentional vulnerability. This controlled behavior is crucial for security testing and development of more robust LLMs.