Vulcora has released a public challenge offering a $51,200 bounty for recovering the exact trigger sentence of a hidden backdoor embedded in one of seven open-source language models. The models are derived from HuggingFaceTB/SmolLM2-135M-Instruct and include one teaching model that confesses the mechanism's shape, five decoys, and one with a live undeclared trigger.
- Seven models (Vulcora/protora-mbd-challenge-0 through -6) are statistically indistinguishable and approximately 861 MB each.
- The challenge relies on a cryptographic commitment to the answer published on July 21, ensuring the goalposts cannot be moved.
- Benchmarking revealed that current open-source backdoor scanners miss this construction entirely because it lacks the learned statistical signatures they typically detect.
The authors aim to demonstrate the limitations of existing model-supply-chain security tools and encourage the community to develop methods capable of detecting and recovering such hidden triggers.