📐 The Big Picture
Grounding models in real data separates useful applications from gimmicks. RAG, vector search, and retrieval architectures are making LLMs actually reliable for knowledge work. Foundation models continue their relentless march forward. New frontier model releases, capability improvements, and a growing ecosystem of tools are pushing the state of the art. AI-assisted development is becoming the new normal. From automated code generation to debugging assistants, the tools transforming how software gets built keep getting better. Today’s 12 picks across 5 categories span RAG & retrieval, language models, AI coding · curated for the practical builder.
ArXiv AIRESEARCH
PROBLEMCurrent LM poisoning research focuses on clean, curated sources like Wikipedia, ignoring the reality that web-scale pretraining data is heterogeneous, noisy, and susceptible to coordinated inauthentic content campaigns that can inject subtle, persistent harmful behaviors that evade standard detection and data curation filters.
APPROACHThe authors simulate computational propaganda by generating poisoned documents using a two-stage pipeline: first, a propaganda generator creates topic-relevant text infused with target biases (e.g., sentiment flipping, entity association) using few-shot prompted LLMs; second, these documents are seeded into a CommonCrawl-scale corpus through realistic distribution matching to mimic organic web placement. They test against standard data curation methods including perplexity filtering, deduplication, and classifier-based toxicity detection, then pretrain models from scratch to measure downstream impact on sentiment analysis, question answering, and toxicity benchmarks.
KEY RESULTSWith only 0.01% poisoned documents in the pretraining corpus, models exhibit consistent bias on targeted topics (e.g., flipping sentiment polarity on specific entities with 73% success) while passing standard data quality filters over 90% of the time. The poisoned behaviors persist through instruction tuning and RLHF, and remain detectable only through targeted probing. No standard data curation pipeline fully removed the poisoned samples.
BUILDERS TAKEAWAYAdd targeted distributional audits to your data pipeline by sampling pretraining clusters and testing for sentiment consistency, entity-association skew, and topic-conditioned toxicity on a per-source basis. A simple approach: hash-based subcorpus sampling followed by perplexity-sentiment joint scoring catches seeded content that global filtering misses.
LIMITATIONSThe attack assumes knowledge of the target data distribution and curation pipeline, and the evaluation is limited to English text with GPT-3.5-scale models, leaving open questions about transferability to larger models and multilingual settings.