Fig. 2: Attack Success Rate (ASR) of the two attack methods on different tasks. | Nature Communications

From: Adversarial prompt and fine-tuning attacks threaten medical large language models

ASR of (a) GPT-4o, (b) GPT-4, (c) Llama-3.3 70B, (d) Llama-2 7B, (e) Llama-2 13B, (f) Llama-2 70B, (g) PMC-Llama 13B, and (h) Vicuna-13B when using the two attacking methods on the MIMIC-III patient notes. PE and FT stand for Prompt Engineering and Fine-tuning, respectively. Green and blue dotted lines represent the average ASRs for the two attack methods, FT and PE, respectively. Source data are provided as a Source Data file.
