Masked diffusion language models (MDLMs) are emerging as a compelling new paradigm for text generation, but their training-time security remains largely unexplored. Existing backdoor attacks on Gaussian diffusion models or autoregressive language models do not directly apply to MDLMs because MDLMs rely on discrete state corruption and iterative denoising rather than continuous noising or left-to-right prediction. In this work, we present the first systematic study of training-time backdoor attacks on MDLMs. We propose SHADOWMASK, a backdoor attack that modifies the MDLM forward corruption process by replacing the standard all-mask terminal distribution with a trigger-mask mixture prior. This creates a dedicated denoising pathway from trigger-corrupted states to attacker-specified targets while preserving clean denoising behavior. We further provide a principled mathematical formulation by defining the backdoored forward process, deriving the reverse-time posterior, and obtaining the continuous-time training objective. Evaluations on DiT-based MDLM and LLaDA-8B-Instruct across WikiText-103, OpenWebText, and Alpaca show that SHADOWMASK achieves near-100% attack success, substantially outperforms standard data poisoning, largely preserves clean utility, remains effective under full-model and parameter-efficient fine-tuning, and is robust against representative defenses.

翻译：掩蔽扩散语言模型（MDLMs）正成为一种引人注目的文本生成新范式，但其训练时的安全性仍鲜有探索。现有的针对高斯扩散模型或自回归语言模型的后门攻击并不直接适用于MDLMs，因为MDLMs依赖于离散状态破坏与迭代去噪而非连续加噪或从左到右预测。本文首次系统性地研究了MDLMs在训练阶段的后门攻击。我们提出了SHADOWMASK后门攻击方法，该方法通过以触发器-掩码混合先验替代标准的全掩码终端分布，修改了MDLM的前向破坏过程。这就在从触发器破坏状态到攻击者指定目标的去噪路径上建立了专用通道，同时保持了干净的基准去噪行为。我们进一步通过定义带有后门的前向过程、推导逆向时间后验概率以及获得连续时间训练目标，建立了严格的理论数学表述。在基于DiT的MDLM和LLaDA-8B-Instruct模型上，于WikiText-103、OpenWebText和Alpaca数据集进行的评估表明：SHADOWMASK实现了接近100%的攻击成功率，显著优于标准数据投毒方法，基本保持了原有模型效用，在全模型微调和参数高效微调下依然有效，并能抵御典型防御措施。