Medical large language models are susceptible to targeted misinformation attacks

Tianyu Han; Sven Nebelung; Firas Khader; Tianci Wang; Gustav Müller-Franzes; Christiane Kuhl; Sebastian Försch; Jens Kleesiek; Christoph Haarburger; Keno K. Bressem; Jakob Nikolas Kather; Daniel Truhn

doi:10.1038/s41746-024-01282-7

Medical large language models are susceptible to targeted misinformation attacks

Publikation: Beitrag in Fachzeitschrift › Forschungsartikel › Beigetragen › Begutachtung

Beitragende

Tianyu Han - , Universitätsklinikum Aachen (Autor:in)
Sven Nebelung - , Universitätsklinikum Aachen (Autor:in)
Firas Khader - , Universitätsklinikum Aachen (Autor:in)
Tianci Wang - , Universitätsklinikum Aachen (Autor:in)
Gustav Müller-Franzes - , Universitätsklinikum Aachen (Autor:in)
Christiane Kuhl - , Universitätsklinikum Aachen (Autor:in)
Sebastian Försch - , Universitätsmedizin Mainz (Autor:in)
Jens Kleesiek - , Universität Duisburg-Essen (Autor:in)
Christoph Haarburger - , Ocumeda GmbH (Autor:in)
Keno K. Bressem - , Charité – Universitätsmedizin Berlin, Berliner Institut für Gesundheitsforschung in der Charité (Autor:in)
Jakob Nikolas Kather - , Medizinische Klinik und Poliklinik I, Else Kröner Fresenius Zentrum für Digitale Gesundheit, Nationales Zentrum für Tumorerkrankungen (NCT) Heidelberg (Autor:in)
Daniel Truhn - , Universitätsklinikum Aachen (Autor:in)

Abstract

Large language models (LLMs) have broad medical knowledge and can reason about medical information across many domains, holding promising potential for diverse medical applications in the near future. In this study, we demonstrate a concerning vulnerability of LLMs in medicine. Through targeted manipulation of just 1.1% of the weights of the LLM, we can deliberately inject incorrect biomedical facts. The erroneous information is then propagated in the model’s output while maintaining performance on other biomedical tasks. We validate our findings in a set of 1025 incorrect biomedical facts. This peculiar susceptibility raises serious security and trustworthiness concerns for the application of LLMs in healthcare settings. It accentuates the need for robust protective measures, thorough verification mechanisms, and stringent management of access to these models, ensuring their reliable and safe use in medical practice.

Details

Originalsprache	Englisch
Aufsatznummer	288
Seitenumfang	9
Fachzeitschrift	npj digital medicine
Jahrgang	7 (2024)
Ausgabenummer	1
Publikationsstatus	Veröffentlicht - 23 Okt. 2024
Peer-Review-Status	Ja

Forschungsportal der TU Dresden

Medical large language models are susceptible to targeted misinformation attacks

Beitragende

Abstract

Details

Schlagworte

ASJC Scopus Sachgebiete