Exploring the Impact of Quantization on LLM Security Against Prompt Injection
Abstract
Large Language Models (LLMs) face challenges in both efficiency and security. Quantization improves performance, but its effect on adversarial robustness against prompt injection is unclear. We propose an experimental setup to investigate how post-training quantization may influence LLM vulnerability to prompt injection, aiming to shed light on the trade-offs between efficiency and security that quantization involves. The experiments are currently in progress, and we intend to stimulate an open debate on this topic.
Published
12/11/2025
How to Cite
RODRIGUES, Rafael Araújo; GARCIA, Luan Fonseca; ZORZO, Avelino Francisco; OLIVEIRA, Ewerton de; PAULA, Thomas. Exploring the Impact of Quantization on LLM Security Against Prompt Injection. In: ESCOLA REGIONAL DE APRENDIZADO DE MÁQUINA E INTELIGÊNCIA ARTIFICIAL DA REGIÃO SUL (ERAMIA-RS), 1., 2025, Porto Alegre/RS. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2025. p. 92-95. DOI: https://doi.org/10.5753/eramiars.2025.16669.