This work investigates Multi-Trigger Backdoor Attacks (MTBAs), where multiple adversaries collaboratively poison a shared dataset using heterogeneous triggers—challenging the prevalent “single shortcut” assumption underlying existing backdoor detection and mitigation methods. We formally define and empirically analyze three MTBA patterns: parallel, sequential, and hybrid. We propose the first comprehensive MTBA threat model, exposing fundamental vulnerabilities of state-of-the-art detectors. Furthermore, we construct and publicly release the first large-scale multi-trigger backdoor poisoning benchmark, covering CIFAR-10 and ImageNet. Extensive experiments demonstrate that MTBAs achieve >95% attack success rates while degrading source-class accuracy by less than 3%, rendering current SOTA detection and data-cleansing techniques completely ineffective. All code and datasets are open-sourced to facilitate reproducible research.

Backdoor attacks have become a significant threat to the pre-training and deployment of deep neural networks (DNNs). Although numerous methods for detecting and mitigating backdoor attacks have been proposed, most rely on identifying and eliminating the ``shortcut"created by the backdoor, which links a specific source class to a target class. However, these approaches can be easily circumvented by designing multiple backdoor triggers that create shortcuts everywhere and therefore nowhere specific. In this study, we explore the concept of Multi-Trigger Backdoor Attacks (MTBAs), where multiple adversaries leverage different types of triggers to poison the same dataset. By proposing and investigating three types of multi-trigger attacks including extit{parallel}, extit{sequential}, and extit{hybrid} attacks, we demonstrate that 1) multiple triggers can coexist, overwrite, or cross-activate one another, and 2) MTBAs easily break the prevalent shortcut assumption underlying most existing backdoor detection/removal methods, rendering them ineffective. Given the security risk posed by MTBAs, we have created a multi-trigger backdoor poisoning dataset to facilitate future research on detecting and mitigating these attacks, and we also discuss potential defense strategies against MTBAs. Our code is available at url{https://github.com/bboylyg/Multi-Trigger-Backdoor-Attacks}.