医学大语言模型容易受到针对性错误信息攻击。

Medical large language models are susceptible to targeted misinformation attacks.

作者信息

Han Tianyu, Nebelung Sven, Khader Firas, Wang Tianci, Müller-Franzes Gustav, Kuhl Christiane, Försch Sebastian, Kleesiek Jens, Haarburger Christoph, Bressem Keno K, Kather Jakob Nikolas, Truhn Daniel

机构信息

Department of Diagnostic and Interventional Radiology, University Hospital Aachen, Aachen, Germany.

Institute of Pathology, University Medical Center of the Johannes Gutenberg-University, Mainz, Germany.

出版信息

NPJ Digit Med. 2024 Oct 23;7(1):288. doi: 10.1038/s41746-024-01282-7.

DOI:10.1038/s41746-024-01282-7

PMID:39443664

原文链接:https://pmc.ncbi.nlm.nih.gov/articles/PMC11499642/

Abstract

Large language models (LLMs) have broad medical knowledge and can reason about medical information across many domains, holding promising potential for diverse medical applications in the near future. In this study, we demonstrate a concerning vulnerability of LLMs in medicine. Through targeted manipulation of just 1.1% of the weights of the LLM, we can deliberately inject incorrect biomedical facts. The erroneous information is then propagated in the model's output while maintaining performance on other biomedical tasks. We validate our findings in a set of 1025 incorrect biomedical facts. This peculiar susceptibility raises serious security and trustworthiness concerns for the application of LLMs in healthcare settings. It accentuates the need for robust protective measures, thorough verification mechanisms, and stringent management of access to these models, ensuring their reliable and safe use in medical practice.

摘要

大语言模型（LLMs）拥有广泛的医学知识，能够对多个领域的医学信息进行推理，在不久的将来具有在各种医学应用中展现出广阔前景的潜力。在本研究中，我们展示了大语言模型在医学领域存在的一个令人担忧的漏洞。通过仅对大语言模型1.1%的权重进行有针对性的操纵，我们就能故意注入错误的生物医学事实。然后，错误信息会在模型输出中传播，同时在其他生物医学任务上保持性能。我们在一组1025个错误的生物医学事实中验证了我们的发现。这种特殊的易感性引发了对大语言模型在医疗环境中应用的严重安全和可信度担忧。它凸显了采取强有力的保护措施、完善的验证机制以及严格管理对这些模型的访问权限的必要性，以确保它们在医学实践中可靠且安全地使用。

https://cdn.ncbi.nlm.nih.gov/pmc/blobs/0ed1/11499642/ab53fcdd1981/41746_2024_1282_Fig1_HTML.jpg

相似文献

Medical large language models are susceptible to targeted misinformation attacks.医学大语言模型容易受到针对性错误信息攻击。

NPJ Digit Med. 2024 Oct 23;7(1):288. doi: 10.1038/s41746-024-01282-7.

Adversarial Attacks on Large Language Models in Medicine.医学领域对大语言模型的对抗攻击。

ArXiv. 2024 Dec 16:arXiv:2406.12259v3.

Leveraging Large Language Models for Precision Monitoring of Chemotherapy-Induced Toxicities: A Pilot Study with Expert Comparisons and Future Directions.利用大语言模型进行化疗诱导毒性的精准监测：一项专家比较及未来方向的试点研究

Cancers (Basel). 2024 Aug 12;16(16):2830. doi: 10.3390/cancers16162830.

A Systematic Review of ChatGPT and Other Conversational Large Language Models in Healthcare.ChatGPT及其他对话式大语言模型在医疗保健领域的系统评价

medRxiv. 2024 Apr 27:2024.04.26.24306390. doi: 10.1101/2024.04.26.24306390.

Use of SNOMED CT in Large Language Models: Scoping Review.SNOMED CT 在大语言模型中的应用：范围综述。

JMIR Med Inform. 2024 Oct 7;12:e62924. doi: 10.2196/62924.

A comprehensive evaluation of large Language models on benchmark biomedical text processing tasks.对基准生物医学文本处理任务中大型语言模型的全面评估。

Comput Biol Med. 2024 Mar;171:108189. doi: 10.1016/j.compbiomed.2024.108189. Epub 2024 Feb 20.

Large Language Models and User Trust: Consequence of Self-Referential Learning Loop and the Deskilling of Health Care Professionals.大语言模型与用户信任：自我参照学习循环的后果及医疗保健专业人员的技能退化

J Med Internet Res. 2024 Apr 25;26:e56764. doi: 10.2196/56764.

Potential of Large Language Models in Health Care: Delphi Study.大语言模型在医疗保健中的潜力：德尔菲研究。

J Med Internet Res. 2024 May 13;26:e52399. doi: 10.2196/52399.

Learning to Make Rare and Complex Diagnoses With Generative AI Assistance: Qualitative Study of Popular Large Language Models.利用生成式人工智能辅助学习罕见且复杂的诊断：对流行的大型语言模型的定性研究。

JMIR Med Educ. 2024 Feb 13;10:e51391. doi: 10.2196/51391.

A systematic review of large language models and their implications in medical education.大型语言模型及其在医学教育中的应用的系统评价。

Med Educ. 2024 Nov;58(11):1276-1285. doi: 10.1111/medu.15402. Epub 2024 Apr 19.

引用本文的文献

Robustness tests for biomedical foundation models should tailor to specifications.生物医学基础模型的稳健性测试应根据具体规格进行定制。

NPJ Digit Med. 2025 Aug 29;8(1):557. doi: 10.1038/s41746-025-01926-2.

A scoping review of natural language processing in addressing medically inaccurate information: Errors, misinformation, and hallucination.关于自然语言处理在处理医学错误信息方面的范围综述：错误、错误信息和幻觉。

J Biomed Inform. 2025 Jul 22:104866. doi: 10.1016/j.jbi.2025.104866.

Performance of Large Language Models in the Non-English Context: Qualitative Study of Models Trained on Different Languages in Chinese Medical Examinations.大语言模型在非英语环境中的表现：对在中国医学考试中使用不同语言训练的模型的定性研究

JMIR Med Inform. 2025 Jun 27;13:e69485. doi: 10.2196/69485.

When Helpfulness Backfires: LLMs and the Risk of Misinformation Due to Sycophantic Behavior.当助人适得其反时：大语言模型与谄媚行为导致错误信息的风险

Res Sq. 2025 Apr 21:rs.3.rs-6206365. doi: 10.21203/rs.3.rs-6206365/v1.

Perceptions about the use of virtual assistants for seeking health information among caregivers of young childhood cancer survivors.关于幼儿期癌症幸存者照料者使用虚拟助手获取健康信息的认知。

Digit Health. 2025 Mar 13;11:20552076251326160. doi: 10.1177/20552076251326160. eCollection 2025 Jan-Dec.

Influence of prior probability information on large language model performance in radiological diagnosis.先验概率信息对大语言模型在放射诊断中性能的影响。

Jpn J Radiol. 2025 Feb 5. doi: 10.1007/s11604-025-01743-3.

Medical large language models are vulnerable to data-poisoning attacks.医学大语言模型容易受到数据中毒攻击。

Nat Med. 2025 Feb;31(2):618-626. doi: 10.1038/s41591-024-03445-1. Epub 2025 Jan 8.

Can Large Language Models Aid Caregivers of Pediatric Cancer Patients in Information Seeking? A Cross-Sectional Investigation.大语言模型能否帮助儿科癌症患者的护理人员进行信息检索？一项横断面调查。

Cancer Med. 2025 Jan;14(1):e70554. doi: 10.1002/cam4.70554.

本文引用的文献

Comparative Analysis of Multimodal Large Language Model Performance on Clinical Vignette Questions.多模态大语言模型在临床病例问题上的性能比较分析

JAMA. 2024 Apr 16;331(15):1320-1321. doi: 10.1001/jama.2023.27861.

Large language models should be used as scientific reasoning engines, not knowledge databases.大语言模型应被用作科学推理引擎，而非知识数据库。

Nat Med. 2023 Dec;29(12):2983-2984. doi: 10.1038/s41591-023-02594-z.

Genome-wide prediction of disease variant effects with a deep protein language model.利用深度蛋白质语言模型进行全基因组疾病变异效应预测。

Nat Genet. 2023 Sep;55(9):1512-1522. doi: 10.1038/s41588-023-01465-0. Epub 2023 Aug 10.

Large language models in medicine.医学中的大型语言模型。

Nat Med. 2023 Aug;29(8):1930-1940. doi: 10.1038/s41591-023-02448-8. Epub 2023 Jul 17.

Large language models encode clinical knowledge.大语言模型编码临床知识。

Nature. 2023 Aug;620(7972):172-180. doi: 10.1038/s41586-023-06291-2. Epub 2023 Jul 12.

Health system-scale language models are all-purpose prediction engines.健康系统规模的语言模型是通用的预测引擎。

Nature. 2023 Jul;619(7969):357-362. doi: 10.1038/s41586-023-06160-y. Epub 2023 Jun 7.

The Current and Future State of AI Interpretation of Medical Images.医学图像人工智能解读的现状与未来发展态势

N Engl J Med. 2023 May 25;388(21):1981-1990. doi: 10.1056/NEJMra2301725.

An Opinion on ChatGPT in Health Care-Written by Humans Only.关于医疗保健领域中ChatGPT的看法——仅由人类撰写。

J Nucl Med. 2023 May;64(5):701-703. doi: 10.2967/jnumed.123.265687. Epub 2023 Apr 13.

Foundation models for generalist medical artificial intelligence.通用型医学人工智能的基础模型。

Nature. 2023 Apr;616(7956):259-265. doi: 10.1038/s41586-023-05881-4. Epub 2023 Apr 12.

Catalyzing next-generation Artificial Intelligence through NeuroAI.通过神经 AI 推动下一代人工智能。

Nat Commun. 2023 Mar 22;14(1):1597. doi: 10.1038/s41467-023-37180-x.

文献AI研究员

20分钟写一篇综述，助力文献阅读效率提升50倍。

立即体验

用中文搜PubMed

大模型驱动的PubMed中文搜索引擎

马上搜索

文档翻译

学术文献翻译模型，支持多种主流文档格式。

立即体验

医学大语言模型容易受到针对性错误信息攻击。

Medical large language models are susceptible to targeted misinformation attacks.

作者信息

机构信息

出版信息

相似文献

引用本文的文献

本文引用的文献

文献AI研究员

用中文搜PubMed

文档翻译

Suppr 超能文献

相似文献

引用本文的文献

本文引用的文献