The Double Life of Code World Models: Provably Unmasking Malicious Behavior Through Execution Traces

Large language models (LLMs) increasingly generate code with minimal human oversight, raising critical concerns about backdoor injection and malicious behavior. We present Cross-Trace Verification Protocol (CTVP), a novel AI control framework that verifies untrusted code-generating models through semantic orbit analysis. Rather than directly executing potentially malicious code, CTVP leverages the model's own predictions of execution traces across semantically equivalent program transformations. By analyzing consistency patterns in these predicted traces, we detect behavioral anomalies indicative of backdoors. Our approach introduces the Adversarial Robustness Quotient (ARQ), which quantifies the computational cost of verification relative to baseline generation, demonstrating exponential growth with orbit size. Theoretical analysis establishes information-theoretic bounds showing non-gamifiability - adversaries cannot improve through training due to fundamental space complexity constraints. This work demonstrates that semantic orbit analysis provides a theoretically grounded approach to AI control for code generation tasks, though practical deployment requires addressing the high false positive rates observed in initial evaluations.

Key Contributions

• Cross-Trace Verification Protocol (CTVP): detects backdoored code-generating LLMs by querying the model for execution traces across semantically equivalent program variants (semantic orbit) and flagging inconsistencies indicative of hidden triggers
• Adversarial Robustness Quotient (ARQ): a metric quantifying verification overhead relative to single-trace inference, showing exponential growth with orbit size
• Information-theoretic non-gamifiability bounds demonstrating adversaries cannot escape detection through additional training due to fundamental space complexity constraints

🛡️ Threat Analysis

Details

Similar Papers