Image poisoning’s general principle is to change pixels in a way were our eye can’t notice, but that screw up the labeling by LLMs.
You can probably try to apply the same principle, poison the PDF in a way that only humans can read it.
Thing is, I assume you distribute your content on PDFs to make the content accessible to humans. That usually means having the text embedded for easy copy-paste and similar methods. Poisoning these might end up being counterproductive for your objective.
All this to say that No, I have no idea of a poisoning algorithm for PDFs
Image poisoning’s general principle is to change pixels in a way were our eye can’t notice, but that screw up the labeling by LLMs.
You can probably try to apply the same principle, poison the PDF in a way that only humans can read it.
Thing is, I assume you distribute your content on PDFs to make the content accessible to humans. That usually means having the text embedded for easy copy-paste and similar methods. Poisoning these might end up being counterproductive for your objective.
All this to say that No, I have no idea of a poisoning algorithm for PDFs