How do I know the open-weight base model I am fine-tuning has not been poisoned?
Opportunity
Backdoors planted in pre-trained model weights persist through full-parameter fine-tuning, adapter training, and RLHF updates because the trigger patterns survive objective-shifting and partial-freezing strategies. These triggers are invisible to standard behavioral safety tests and benchmark evaluation. Detecting them requires white-box weight analysis that the average fine-tuning practitioner never runs, and major model hubs apply no mandatory scanning before a checkpoint is made publicly downloadable. An organization building a production system on a compromised base model has no signal anything is wrong until the trigger fires in deployment.
Why it matters
The open-weight fine-tuning supply chain has no security gate, and the failure mode is a backdoor that survives every standard check.
我如何评估机会
The Opportunity Score is my own read, not a measurement: how much it hurts, how often it bites, and how little exists to solve it today. Higher means I think it is more worth building.
How much pain it causes when it shows up.
How often people actually run into it.
How little good tooling exists for it today.