🤖 AI Summary
Generative AI–driven semantic communication systems are vulnerable to backdoor attacks during training, leading to maliciously triggered inference. To address this, we propose a model-agnostic, modality-agnostic backdoor detection method that requires no architectural modification or reliance on specific data modalities (e.g., image–text pairs). Our core innovation lies in modeling semantic feature space shifts via semantic embedding similarity metrics integrated within an adaptive thresholding detection framework, enabling robust identification of backdoor samples. Experiments across diverse scenarios demonstrate that our method consistently outperforms existing approaches in both detection accuracy and recall. It exhibits strong robustness against varying poisoning ratios and—critically—introduces zero performance degradation on clean samples during inference.
📝 Abstract
Semantic communication systems, which leverage Generative AI (GAI) to transmit semantic meaning rather than raw data, are poised to revolutionize modern communications. However, they are vulnerable to backdoor attacks, a type of poisoning manipulation that embeds malicious triggers into training datasets. As a result, backdoor attacks mislead inference for poisoned samples while clean samples remain unaffected. Existing defenses may alter the model structure (such as neuron pruning, which potentially degrades inference performance on clean inputs) or impose strict requirements on data formats (such as "Semantic Shield", which requires image-text pairs). To address these limitations, this work proposes a defense mechanism that leverages semantic similarity to detect backdoor attacks without modifying the model structure or imposing data format constraints. By analyzing deviations in semantic feature space and establishing a threshold-based detection framework, the proposed approach effectively identifies poisoned samples. The experimental results demonstrate high detection accuracy and recall across varying poisoning ratios, underlining the significant effectiveness of our proposed solution.
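The threshold-based similarity check described above can be sketched as follows; this is an added illustration, not the paper's code or its exact method. It assumes, beyond what the abstract states, that similarity is cosine similarity to the centroid of a trusted clean reference set and that the adaptive threshold is the median minus k times the median absolute deviation; the embeddings are constructed sample values.

```python
import math
from statistics import median

def cosine(a, b):
    """Cosine similarity; a zero vector is treated as similarity 0.0."""
    na, nb = math.hypot(*a), math.hypot(*b)
    if na == 0.0 or nb == 0.0:
        return 0.0
    return sum(x * y for x, y in zip(a, b)) / (na * nb)

def centroid(vectors):
    """Component-wise mean of a list of equal-length embeddings."""
    n = len(vectors)
    return [sum(col) / n for col in zip(*vectors)]

def fit_threshold(clean, k=3.0):
    """Derive (centroid, threshold) from trusted clean embeddings.

    Assumed rule (not from the paper): threshold = median - k * MAD of the
    clean samples' similarity to their own centroid, so the cut-off adapts
    to how tightly the clean semantic features cluster.
    """
    c = centroid(clean)
    sims = [cosine(v, c) for v in clean]
    med = median(sims)
    mad = median(abs(s - med) for s in sims)
    return c, med - k * mad

def flag_suspects(batch, c, threshold):
    """Indices of samples whose semantic embedding drifts below the threshold."""
    return [i for i, v in enumerate(batch) if cosine(v, c) < threshold]

# Constructed 3-d embeddings standing in for a semantic encoder's output.
CLEAN_REFERENCE = [
    [1.00, 0.00, 0.10], [0.90, 0.10, 0.00], [1.00, 0.10, 0.10],
    [0.95, 0.05, 0.05], [1.00, -0.10, 0.00], [0.90, 0.00, 0.10],
]
# Constructed batch: index 1 mimics a trigger-shifted (poisoned) sample.
BATCH = [[0.97, 0.03, 0.06], [0.10, 1.00, 0.00], [0.95, 0.02, 0.05]]

if __name__ == "__main__":
    c, thr = fit_threshold(CLEAN_REFERENCE)
    print(f"threshold={thr:.4f} suspects={flag_suspects(BATCH, c, thr)}")
```

Because the check only reads embeddings, it leaves the model untouched and does not depend on the input modality, which matches the properties the abstract claims for the proposed defense.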