Adversarial demonstration attack - the described attack uses adversarial demonstrations (concrete examples of the desired task being performed) in order to make the model perform poorly in sentiment analysis, textual entailment, topic and question classification tasks. For example, a model can give wrong sentiment prediction (SST-2) on a sentence with 56%-82% probability (depending on the model) when on 8-shot demonstrations.