May 6, 2024

Subtle and Simple Ways to Shift Political Bias in LLMs

Chris DiGiano, Vassil Tashev, Aysh Segulguzel

An informed user knows that an LLM sometimes has a political bias in their responses, but there’s an additional threat that this bias can drift over time, making it even harder to rely on LLMs for an objective perspective. Furthermore we speculate that a malicious actor can trigger this shift through various means unbeknownst to the user.

Download

Review Project

Reviewer's Comments

Threat model is sound, would be interested in experiments demonstrating your suggested mitigation efficacy

The question how in-context information could change the political bias of a model is super interesting and relevant to several potential risk scenarios including indirect prompt injection attacks, data poisoning attacks, or just sycophantic feedback loops in human-ai interactions. To improve this project we would need more control conditions to ensure the observed shifts are significant, extending the study to biases in different directions and to different LLMs to see how much results for one LLM generalize.

Interesting project! Cool demonstration of how one can subtly change political biases in LLMs. If you continue this project, I would lov to see more of how you would expect this to influence democracy and concrete examples of how users might ask the LLM relatively apolitical questions, but how the context can steer the user to a particular political side!

Cite this work

@misc {

title={

Subtle and Simple Ways to Shift Political Bias in LLMs

author={

Chris DiGiano, Vassil Tashev, Aysh Segulguzel

date={

5/6/24

organization={Apart Research},

note={Research submission to the research sprint hosted by Apart.},

howpublished={https://apartresearch.com}

}

Recent Projects

View All

Feb 2, 2026

Markov Chain Lock Watermarking: Provably Secure Authentication for LLM Outputs

We present Markov Chain Lock (MCL) watermarking, a cryptographically secure framework for authenticating LLM outputs. MCL constrains token generation to follow a secret Markov chain over SHA-256 vocabulary partitions. Using doubly stochastic transition matrices, we prove four theoretical guarantees: (1) exponentially decaying false positive rates via Hoeffding bounds, (2) graceful degradation under adversarial modification with closed-form expected scores, (3) information-theoretic security without key access, and (4) bounded quality loss via KL divergence. Experiments on 173 Wikipedia prompts using Llama-3.2-3B demonstrate that the optimal 7-state soft cycle configuration achieves 100\% detection, 0\% FPR, and perplexity 4.20. Robustness testing confirms detection above 96\% even with 30\% word replacement. The framework enables $O(n)$ model-free detection, addressing EU AI Act Article 50 requirements. Code available at \url{https://github.com/ChenghengLi/MCLW}

Feb 2, 2026

Prototyping an Embedded Off-Switch for AI Compute

This project prototypes an embedded off-switch for AI accelerators. The security block requires periodic cryptographic authorization to operate: the chip generates a nonce, an external authority signs it, and the chip verifies the signature before granting time-limited permission. Without valid authorization, outputs are gated to zero. The design was implemented in HardCaml and validated in simulation.

Feb 2, 2026

Fingerprinting All AI Cluster I/O Without Mutually Trusted Processors

We design and simulate a "border patrol" device for generating cryptographic evidence of data traffic entering and leaving an AI cluster, while eliminating the specific analog and steganographic side-channels that post-hoc verification can not close. The device eliminates the need for any mutually trusted logic, while still meeting the security needs of the prover and verifier.

Feb 2, 2026