Life-Cycle Routing Vulnerabilities of LLM Router Article Swipe
Qiaoli Lin
,
Xiaoyang Ji
,
Shengfang Zhai
,
Qingni Shen
,
Zhi Zhang
,
Yuejian Fang
,
Yansong Gao
·
YOU?
·
· 2025
· Open Access
·
· DOI: https://doi.org/10.48550/arxiv.2503.08704
YOU?
·
· 2025
· Open Access
·
· DOI: https://doi.org/10.48550/arxiv.2503.08704
Large language models (LLMs) have achieved remarkable success in natural language processing, yet their performance and computational costs vary significantly. LLM routers play a crucial role in dynamically balancing these trade-offs. While previous studies have primarily focused on routing efficiency, security vulnerabilities throughout the entire LLM router life cycle, from training to inference, remain largely unexplored. In this paper, we present a comprehensive investigation into the life-cycle routing vulnerabilities of LLM routers. We evaluate both white-box and black-box adversarial robustness, as well as backdoor robustness, across several representative routing models under extensive experimental settings. Our experiments uncover several key findings: 1) Mainstream DNN-based routers tend to exhibit the weakest adversarial and backdoor robustness, largely due to their strong feature extraction capabilities that amplify vulnerabilities during both training and inference; 2) Training-free routers demonstrate the strongest robustness across different attack types, benefiting from the absence of learnable parameters that can be manipulated. These findings highlight critical security risks spanning the entire life cycle of LLM routers and provide insights for developing more robust models.
Related Topics
Concepts
No concepts available.
Metadata
- Type
- preprint
- Language
- en
- Landing Page
- http://arxiv.org/abs/2503.08704
- https://arxiv.org/pdf/2503.08704
- OA Status
- green
- OpenAlex ID
- https://openalex.org/W4414579547
All OpenAlex metadata
Raw OpenAlex JSON
- OpenAlex ID
-
https://openalex.org/W4414579547Canonical identifier for this work in OpenAlex
- DOI
-
https://doi.org/10.48550/arxiv.2503.08704Digital Object Identifier
- Title
-
Life-Cycle Routing Vulnerabilities of LLM RouterWork title
- Type
-
preprintOpenAlex work type
- Language
-
enPrimary language
- Publication year
-
2025Year of publication
- Publication date
-
2025-03-09Full publication date if available
- Authors
-
Qiaoli Lin, Xiaoyang Ji, Shengfang Zhai, Qingni Shen, Zhi Zhang, Yuejian Fang, Yansong GaoList of authors in order
- Landing page
-
https://arxiv.org/abs/2503.08704Publisher landing page
- PDF URL
-
https://arxiv.org/pdf/2503.08704Direct link to full text PDF
- Open access
-
YesWhether a free full text is available
- OA status
-
greenOpen access status per OpenAlex
- OA URL
-
https://arxiv.org/pdf/2503.08704Direct OA link when available
- Cited by
-
0Total citation count in OpenAlex
Full payload
| id | https://openalex.org/W4414579547 |
|---|---|
| doi | https://doi.org/10.48550/arxiv.2503.08704 |
| ids.doi | https://doi.org/10.48550/arxiv.2503.08704 |
| ids.openalex | https://openalex.org/W4414579547 |
| fwci | |
| type | preprint |
| title | Life-Cycle Routing Vulnerabilities of LLM Router |
| biblio.issue | |
| biblio.volume | |
| biblio.last_page | |
| biblio.first_page | |
| topics[0].id | https://openalex.org/T12017 |
| topics[0].field.id | https://openalex.org/fields/23 |
| topics[0].field.display_name | Environmental Science |
| topics[0].score | 0.8934999704360962 |
| topics[0].domain.id | https://openalex.org/domains/3 |
| topics[0].domain.display_name | Physical Sciences |
| topics[0].subfield.id | https://openalex.org/subfields/2311 |
| topics[0].subfield.display_name | Industrial and Manufacturing Engineering |
| topics[0].display_name | Recycling and Waste Management Techniques |
| topics[1].id | https://openalex.org/T10651 |
| topics[1].field.id | https://openalex.org/fields/22 |
| topics[1].field.display_name | Engineering |
| topics[1].score | 0.881600022315979 |
| topics[1].domain.id | https://openalex.org/domains/3 |
| topics[1].domain.display_name | Physical Sciences |
| topics[1].subfield.id | https://openalex.org/subfields/2208 |
| topics[1].subfield.display_name | Electrical and Electronic Engineering |
| topics[1].display_name | IPv6, Mobility, Handover, Networks, Security |
| topics[2].id | https://openalex.org/T11181 |
| topics[2].field.id | https://openalex.org/fields/17 |
| topics[2].field.display_name | Computer Science |
| topics[2].score | 0.8616999983787537 |
| topics[2].domain.id | https://openalex.org/domains/3 |
| topics[2].domain.display_name | Physical Sciences |
| topics[2].subfield.id | https://openalex.org/subfields/1705 |
| topics[2].subfield.display_name | Computer Networks and Communications |
| topics[2].display_name | Advanced Data Storage Technologies |
| is_xpac | False |
| apc_list | |
| apc_paid | |
| language | en |
| locations[0].id | pmh:oai:arXiv.org:2503.08704 |
| locations[0].is_oa | True |
| locations[0].source.id | https://openalex.org/S4306400194 |
| locations[0].source.issn | |
| locations[0].source.type | repository |
| locations[0].source.is_oa | True |
| locations[0].source.issn_l | |
| locations[0].source.is_core | False |
| locations[0].source.is_in_doaj | False |
| locations[0].source.display_name | arXiv (Cornell University) |
| locations[0].source.host_organization | https://openalex.org/I205783295 |
| locations[0].source.host_organization_name | Cornell University |
| locations[0].source.host_organization_lineage | https://openalex.org/I205783295 |
| locations[0].license | |
| locations[0].pdf_url | https://arxiv.org/pdf/2503.08704 |
| locations[0].version | submittedVersion |
| locations[0].raw_type | text |
| locations[0].license_id | |
| locations[0].is_accepted | False |
| locations[0].is_published | False |
| locations[0].raw_source_name | |
| locations[0].landing_page_url | http://arxiv.org/abs/2503.08704 |
| locations[1].id | doi:10.48550/arxiv.2503.08704 |
| locations[1].is_oa | True |
| locations[1].source.id | https://openalex.org/S4306400194 |
| locations[1].source.issn | |
| locations[1].source.type | repository |
| locations[1].source.is_oa | True |
| locations[1].source.issn_l | |
| locations[1].source.is_core | False |
| locations[1].source.is_in_doaj | False |
| locations[1].source.display_name | arXiv (Cornell University) |
| locations[1].source.host_organization | https://openalex.org/I205783295 |
| locations[1].source.host_organization_name | Cornell University |
| locations[1].source.host_organization_lineage | https://openalex.org/I205783295 |
| locations[1].license | |
| locations[1].pdf_url | |
| locations[1].version | |
| locations[1].raw_type | article |
| locations[1].license_id | |
| locations[1].is_accepted | False |
| locations[1].is_published | |
| locations[1].raw_source_name | |
| locations[1].landing_page_url | https://doi.org/10.48550/arxiv.2503.08704 |
| indexed_in | arxiv, datacite |
| authorships[0].author.id | https://openalex.org/A5027656936 |
| authorships[0].author.orcid | https://orcid.org/0000-0002-3082-7418 |
| authorships[0].author.display_name | Qiaoli Lin |
| authorships[0].author_position | first |
| authorships[0].raw_author_name | Lin, Qiqi |
| authorships[0].is_corresponding | False |
| authorships[1].author.id | https://openalex.org/A5090139921 |
| authorships[1].author.orcid | https://orcid.org/0000-0001-7794-4956 |
| authorships[1].author.display_name | Xiaoyang Ji |
| authorships[1].author_position | middle |
| authorships[1].raw_author_name | Ji, Xiaoyang |
| authorships[1].is_corresponding | False |
| authorships[2].author.id | https://openalex.org/A5008450480 |
| authorships[2].author.orcid | https://orcid.org/0000-0001-6820-6361 |
| authorships[2].author.display_name | Shengfang Zhai |
| authorships[2].author_position | middle |
| authorships[2].raw_author_name | Zhai, Shengfang |
| authorships[2].is_corresponding | False |
| authorships[3].author.id | https://openalex.org/A5035938543 |
| authorships[3].author.orcid | https://orcid.org/0000-0002-0605-6043 |
| authorships[3].author.display_name | Qingni Shen |
| authorships[3].author_position | middle |
| authorships[3].raw_author_name | Shen, Qingni |
| authorships[3].is_corresponding | False |
| authorships[4].author.id | https://openalex.org/A5100410710 |
| authorships[4].author.orcid | https://orcid.org/0000-0003-3604-5369 |
| authorships[4].author.display_name | Zhi Zhang |
| authorships[4].author_position | middle |
| authorships[4].raw_author_name | Zhang, Zhi |
| authorships[4].is_corresponding | False |
| authorships[5].author.id | https://openalex.org/A5088688674 |
| authorships[5].author.orcid | |
| authorships[5].author.display_name | Yuejian Fang |
| authorships[5].author_position | middle |
| authorships[5].raw_author_name | Fang, Yuejian |
| authorships[5].is_corresponding | False |
| authorships[6].author.id | https://openalex.org/A5101863680 |
| authorships[6].author.orcid | https://orcid.org/0000-0001-5783-2172 |
| authorships[6].author.display_name | Yansong Gao |
| authorships[6].author_position | last |
| authorships[6].raw_author_name | Gao, Yansong |
| authorships[6].is_corresponding | False |
| has_content.pdf | False |
| has_content.grobid_xml | False |
| is_paratext | False |
| open_access.is_oa | True |
| open_access.oa_url | https://arxiv.org/pdf/2503.08704 |
| open_access.oa_status | green |
| open_access.any_repository_has_fulltext | False |
| created_date | 2025-10-10T00:00:00 |
| display_name | Life-Cycle Routing Vulnerabilities of LLM Router |
| has_fulltext | False |
| is_retracted | False |
| updated_date | 2025-11-06T06:51:31.235846 |
| primary_topic.id | https://openalex.org/T12017 |
| primary_topic.field.id | https://openalex.org/fields/23 |
| primary_topic.field.display_name | Environmental Science |
| primary_topic.score | 0.8934999704360962 |
| primary_topic.domain.id | https://openalex.org/domains/3 |
| primary_topic.domain.display_name | Physical Sciences |
| primary_topic.subfield.id | https://openalex.org/subfields/2311 |
| primary_topic.subfield.display_name | Industrial and Manufacturing Engineering |
| primary_topic.display_name | Recycling and Waste Management Techniques |
| cited_by_count | 0 |
| locations_count | 2 |
| best_oa_location.id | pmh:oai:arXiv.org:2503.08704 |
| best_oa_location.is_oa | True |
| best_oa_location.source.id | https://openalex.org/S4306400194 |
| best_oa_location.source.issn | |
| best_oa_location.source.type | repository |
| best_oa_location.source.is_oa | True |
| best_oa_location.source.issn_l | |
| best_oa_location.source.is_core | False |
| best_oa_location.source.is_in_doaj | False |
| best_oa_location.source.display_name | arXiv (Cornell University) |
| best_oa_location.source.host_organization | https://openalex.org/I205783295 |
| best_oa_location.source.host_organization_name | Cornell University |
| best_oa_location.source.host_organization_lineage | https://openalex.org/I205783295 |
| best_oa_location.license | |
| best_oa_location.pdf_url | https://arxiv.org/pdf/2503.08704 |
| best_oa_location.version | submittedVersion |
| best_oa_location.raw_type | text |
| best_oa_location.license_id | |
| best_oa_location.is_accepted | False |
| best_oa_location.is_published | False |
| best_oa_location.raw_source_name | |
| best_oa_location.landing_page_url | http://arxiv.org/abs/2503.08704 |
| primary_location.id | pmh:oai:arXiv.org:2503.08704 |
| primary_location.is_oa | True |
| primary_location.source.id | https://openalex.org/S4306400194 |
| primary_location.source.issn | |
| primary_location.source.type | repository |
| primary_location.source.is_oa | True |
| primary_location.source.issn_l | |
| primary_location.source.is_core | False |
| primary_location.source.is_in_doaj | False |
| primary_location.source.display_name | arXiv (Cornell University) |
| primary_location.source.host_organization | https://openalex.org/I205783295 |
| primary_location.source.host_organization_name | Cornell University |
| primary_location.source.host_organization_lineage | https://openalex.org/I205783295 |
| primary_location.license | |
| primary_location.pdf_url | https://arxiv.org/pdf/2503.08704 |
| primary_location.version | submittedVersion |
| primary_location.raw_type | text |
| primary_location.license_id | |
| primary_location.is_accepted | False |
| primary_location.is_published | False |
| primary_location.raw_source_name | |
| primary_location.landing_page_url | http://arxiv.org/abs/2503.08704 |
| publication_date | 2025-03-09 |
| publication_year | 2025 |
| referenced_works_count | 0 |
| abstract_inverted_index.a | 23, 61 |
| abstract_inverted_index.1) | 100 |
| abstract_inverted_index.2) | 129 |
| abstract_inverted_index.In | 56 |
| abstract_inverted_index.We | 72 |
| abstract_inverted_index.as | 80, 82 |
| abstract_inverted_index.be | 149 |
| abstract_inverted_index.in | 8, 26 |
| abstract_inverted_index.of | 69, 144, 162 |
| abstract_inverted_index.on | 37 |
| abstract_inverted_index.to | 51, 105, 115 |
| abstract_inverted_index.we | 59 |
| abstract_inverted_index.LLM | 20, 45, 70, 163 |
| abstract_inverted_index.Our | 94 |
| abstract_inverted_index.and | 15, 76, 110, 127, 165 |
| abstract_inverted_index.can | 148 |
| abstract_inverted_index.due | 114 |
| abstract_inverted_index.for | 168 |
| abstract_inverted_index.key | 98 |
| abstract_inverted_index.the | 43, 65, 107, 133, 142, 158 |
| abstract_inverted_index.yet | 12 |
| abstract_inverted_index.both | 74, 125 |
| abstract_inverted_index.from | 49, 141 |
| abstract_inverted_index.have | 4, 34 |
| abstract_inverted_index.into | 64 |
| abstract_inverted_index.life | 47, 160 |
| abstract_inverted_index.more | 170 |
| abstract_inverted_index.play | 22 |
| abstract_inverted_index.role | 25 |
| abstract_inverted_index.tend | 104 |
| abstract_inverted_index.that | 121, 147 |
| abstract_inverted_index.this | 57 |
| abstract_inverted_index.vary | 18 |
| abstract_inverted_index.well | 81 |
| abstract_inverted_index.Large | 0 |
| abstract_inverted_index.These | 151 |
| abstract_inverted_index.While | 31 |
| abstract_inverted_index.costs | 17 |
| abstract_inverted_index.cycle | 161 |
| abstract_inverted_index.risks | 156 |
| abstract_inverted_index.their | 13, 116 |
| abstract_inverted_index.these | 29 |
| abstract_inverted_index.under | 90 |
| abstract_inverted_index.(LLMs) | 3 |
| abstract_inverted_index.across | 85, 136 |
| abstract_inverted_index.attack | 138 |
| abstract_inverted_index.cycle, | 48 |
| abstract_inverted_index.during | 124 |
| abstract_inverted_index.entire | 44, 159 |
| abstract_inverted_index.models | 2, 89 |
| abstract_inverted_index.paper, | 58 |
| abstract_inverted_index.remain | 53 |
| abstract_inverted_index.robust | 171 |
| abstract_inverted_index.router | 46 |
| abstract_inverted_index.strong | 117 |
| abstract_inverted_index.types, | 139 |
| abstract_inverted_index.absence | 143 |
| abstract_inverted_index.amplify | 122 |
| abstract_inverted_index.crucial | 24 |
| abstract_inverted_index.exhibit | 106 |
| abstract_inverted_index.feature | 118 |
| abstract_inverted_index.focused | 36 |
| abstract_inverted_index.largely | 54, 113 |
| abstract_inverted_index.models. | 172 |
| abstract_inverted_index.natural | 9 |
| abstract_inverted_index.present | 60 |
| abstract_inverted_index.provide | 166 |
| abstract_inverted_index.routers | 21, 103, 131, 164 |
| abstract_inverted_index.routing | 38, 67, 88 |
| abstract_inverted_index.several | 86, 97 |
| abstract_inverted_index.studies | 33 |
| abstract_inverted_index.success | 7 |
| abstract_inverted_index.uncover | 96 |
| abstract_inverted_index.weakest | 108 |
| abstract_inverted_index.achieved | 5 |
| abstract_inverted_index.backdoor | 83, 111 |
| abstract_inverted_index.critical | 154 |
| abstract_inverted_index.evaluate | 73 |
| abstract_inverted_index.findings | 152 |
| abstract_inverted_index.insights | 167 |
| abstract_inverted_index.language | 1, 10 |
| abstract_inverted_index.previous | 32 |
| abstract_inverted_index.routers. | 71 |
| abstract_inverted_index.security | 40, 155 |
| abstract_inverted_index.spanning | 157 |
| abstract_inverted_index.training | 50, 126 |
| abstract_inverted_index.DNN-based | 102 |
| abstract_inverted_index.balancing | 28 |
| abstract_inverted_index.black-box | 77 |
| abstract_inverted_index.different | 137 |
| abstract_inverted_index.extensive | 91 |
| abstract_inverted_index.findings: | 99 |
| abstract_inverted_index.highlight | 153 |
| abstract_inverted_index.learnable | 145 |
| abstract_inverted_index.primarily | 35 |
| abstract_inverted_index.settings. | 93 |
| abstract_inverted_index.strongest | 134 |
| abstract_inverted_index.white-box | 75 |
| abstract_inverted_index.Mainstream | 101 |
| abstract_inverted_index.benefiting | 140 |
| abstract_inverted_index.developing | 169 |
| abstract_inverted_index.extraction | 119 |
| abstract_inverted_index.inference, | 52 |
| abstract_inverted_index.inference; | 128 |
| abstract_inverted_index.life-cycle | 66 |
| abstract_inverted_index.parameters | 146 |
| abstract_inverted_index.remarkable | 6 |
| abstract_inverted_index.robustness | 135 |
| abstract_inverted_index.throughout | 42 |
| abstract_inverted_index.adversarial | 78, 109 |
| abstract_inverted_index.demonstrate | 132 |
| abstract_inverted_index.dynamically | 27 |
| abstract_inverted_index.efficiency, | 39 |
| abstract_inverted_index.experiments | 95 |
| abstract_inverted_index.performance | 14 |
| abstract_inverted_index.processing, | 11 |
| abstract_inverted_index.robustness, | 79, 84, 112 |
| abstract_inverted_index.trade-offs. | 30 |
| abstract_inverted_index.unexplored. | 55 |
| abstract_inverted_index.capabilities | 120 |
| abstract_inverted_index.experimental | 92 |
| abstract_inverted_index.manipulated. | 150 |
| abstract_inverted_index.Training-free | 130 |
| abstract_inverted_index.comprehensive | 62 |
| abstract_inverted_index.computational | 16 |
| abstract_inverted_index.investigation | 63 |
| abstract_inverted_index.representative | 87 |
| abstract_inverted_index.significantly. | 19 |
| abstract_inverted_index.vulnerabilities | 41, 68, 123 |
| cited_by_percentile_year | |
| countries_distinct_count | 0 |
| institutions_distinct_count | 7 |
| citation_normalized_percentile |