# BadMerging: Backdoor Attacks Against Model Merging

**Source:** https://arxiv.org/abs/2408.07362  
**Authors or institution:** Jinghuai Zhang, Jianfeng Chi, Zheng Li, Kunlin Cai, Yang Zhang, Yuan Tian  
**Publication date:** 2024-08-14  
**Publication status:** arXiv preprint; ACM CCS 2024 paper metadata available  
**Evidence level:** Experimentally observed  
**Date last reviewed in UTC:** 2026-06-26T00:00:00Z

## Direct findings or source content

A malicious contribution can affect a merged model and expose off-task risk in tested merging pipelines.

## Cognivirus interpretation

For Cognivirus.com, this source is used to examine risk at the level of adaptive systems, component compositions, evaluator boundaries, and behavioral persistence. The site interpretation is narrower than the source when the source is experimental, and more explicitly qualified when the source is architectural or programmatic.

## Limits

Laboratory attack designs; defenses and transferability depend on merge algorithms and governance. That every model merge is compromised or that attacks are undetectable under all audits.

## Source handling

This local file is an original summary and metadata record. It is not a copy of the source paper, report, or website. Copyrighted source material is not reproduced in full.