This research reveals critical security gaps in LLM routing systems that dynamically select which language models to use for different tasks.

• Training vulnerabilities: Routers are susceptible to both data poisoning and backdoor attacks during training
• Inference weaknesses: Successfully demonstrates how adversaries can manipulate routers to select less capable or compromised models
• Lifecycle approach: Identifies vulnerabilities across the complete routing system lifecycle, not just isolated components
• Real-world implications: Exposes how compromised routers can significantly degrade system performance while evading detection

As organizations increasingly deploy multi-LLM architectures with routing systems, these findings highlight urgent security considerations that must be addressed to prevent potential exploitation in production environments.

Life-Cycle Routing Vulnerabilities of LLM Router