This paper investigates the security risks associated with using LoRA (Low-Rank Adaptation) as an attack vector in the share-and-play scenario for Large Language Models (LLMs). While LoRA is widely used for its efficiency and ease of use in fine-tuning LLMs, it can be exploited by attackers to inject backdoors into LoRA modules, which can then be distributed across open-source platforms. This poses significant security risks, as the backdoors can be activated by specific triggers, leading to harmful outputs from LLMs. The study explores how attackers can craft malicious LoRA modules that maintain their original functionality while embedding backdoors. It demonstrates that backdoors can be injected without significantly affecting the performance of the LoRA module, making them difficult to detect. The research also shows that backdoors can be transferred across different LLMs, increasing the potential harm of such attacks. The paper highlights the importance of understanding the mechanisms behind LoRA backdoor injection and the potential for backdoor transferability across models. It also discusses the effectiveness of defensive LoRA modules in mitigating the impact of adversarial attacks. The findings emphasize the need for proactive security measures to prevent the misuse of LoRA in the share-and-play scenario, as the widespread adoption of LoRA modules can lead to significant security risks if not properly managed. The study concludes that while LoRA is a powerful tool for enhancing LLM performance, it also presents new security challenges that require careful consideration and mitigation strategies.This paper investigates the security risks associated with using LoRA (Low-Rank Adaptation) as an attack vector in the share-and-play scenario for Large Language Models (LLMs). While LoRA is widely used for its efficiency and ease of use in fine-tuning LLMs, it can be exploited by attackers to inject backdoors into LoRA modules, which can then be distributed across open-source platforms. This poses significant security risks, as the backdoors can be activated by specific triggers, leading to harmful outputs from LLMs. The study explores how attackers can craft malicious LoRA modules that maintain their original functionality while embedding backdoors. It demonstrates that backdoors can be injected without significantly affecting the performance of the LoRA module, making them difficult to detect. The research also shows that backdoors can be transferred across different LLMs, increasing the potential harm of such attacks. The paper highlights the importance of understanding the mechanisms behind LoRA backdoor injection and the potential for backdoor transferability across models. It also discusses the effectiveness of defensive LoRA modules in mitigating the impact of adversarial attacks. The findings emphasize the need for proactive security measures to prevent the misuse of LoRA in the share-and-play scenario, as the widespread adoption of LoRA modules can lead to significant security risks if not properly managed. The study concludes that while LoRA is a powerful tool for enhancing LLM performance, it also presents new security challenges that require careful consideration and mitigation strategies.