313 papers
This paper presents the first construction of reusable, unclonable encryption for arbitrary-length messages in the Haar random oracle model, demonstrating that such schemes can exist even in the absence of one-way functions by leveraging a new unitary reprogramming lemma.
This paper introduces KEPo, a novel poisoning attack method specifically designed to exploit the graph-based retrieval mechanism of GraphRAG systems by fabricating toxic knowledge evolution paths that manipulate the knowledge graph structure to force Large Language Models into generating harmful responses, thereby achieving state-of-the-art attack success rates where conventional RAG attacks fail.
This paper establishes the strict optimality of frequency estimation under local differential privacy by proving that a symmetric, extremal estimator with an optimized constant support size achieves maximum precision and minimal communication cost, while introducing a modified Count-Mean Sketch that practically attains this theoretical bound.
This paper presents a comprehensive security analysis of the autonomous LLM agent OpenClaw using a novel five-layer lifecycle framework to identify systemic threats like prompt injection and memory poisoning, while proposing holistic defense strategies to address the limitations of existing point-based security mechanisms.
This paper unifies leading membership inference attacks (LiRA, RMIA, and BASE) under a single exponential-family log-likelihood ratio framework and introduces BaVarIA, a Bayesian variance inference method that achieves stable, superior performance over existing approaches, particularly in low-resource and offline settings.
This paper identifies and quantifies a critical "Trusted Executor Dilemma" in high-privilege LLM agents, demonstrating through the ReadSecBench benchmark that agents systematically fail to distinguish malicious instructions embedded in documentation from legitimate guidance, leading to high rates of data exfiltration that current defenses cannot reliably detect.
The paper introduces "Mirror," a data-curation design pattern that utilizes a strictly curated 32-cell topology and a lightweight linear SVM to achieve superior speed, determinism, and detection accuracy for prompt injection screening compared to large neural models, demonstrating that strict data geometry is more critical than model scale for initial defense layers.
This paper demonstrates that image-in-image steganography schemes are highly detectable because their embedding process creates a mixing pattern identifiable via independent component analysis, allowing a simple method based on the first four moments of wavelet-decomposed components to achieve up to 84.6% accuracy, while keyless extraction networks and classical steganalysis methods like SRM achieve even higher detection rates.
This paper systematically evaluates how nine large language models, including the latest versions, often fail to refuse processing user-supplied harmful content even when performing benign tasks, revealing a critical content-level ethical vulnerability that current safety alignment overlooks.
This paper introduces Delayed Backdoor Attacks (DBA), a novel threat paradigm that decouples trigger exposure from malicious activation via a temporal dimension, enabling the use of common words as triggers and demonstrating the feasibility of the DND prototype which remains dormant before achieving near-perfect attack success rates while evading current defenses.
This paper introduces HomeSafe-Bench, a comprehensive benchmark for evaluating unsafe action detection in household scenarios using 438 diverse cases, and proposes HD-Guard, a hierarchical dual-brain architecture that effectively balances real-time inference efficiency with deep multimodal reasoning safety monitoring.
This paper introduces "Cascade," a framework demonstrating how traditional software and hardware vulnerabilities can be composed with LLM-specific algorithmic weaknesses to amplify adversarial threats and compromise the integrity and confidentiality of compound AI systems.
This paper introduces "reconstruction advantage" as a unified risk metric to overcome the limitations of existing methods like reconstruction robustness, providing tight bounds that link differential privacy noise to adversarial advantage for more effective noise calibration and systematic auditing.
Drawing from Perplexity's operational experience with general-purpose agentic systems, this paper outlines the unique security failure modes introduced by AI agents, maps their primary attack surfaces, proposes a layered defense strategy, and identifies critical research gaps and standards needed to secure multi-agent systems in alignment with NIST risk management principles.
STAMP is a novel framework for text privacy that optimizes the privacy-utility trade-off by selectively allocating privacy budgets based on token importance and sensitivity, utilizing a polar mechanism to perturb embedding directions while preserving magnitude and semantic structure.
This paper demonstrates that probabilistic counters, such as Morris and MaxGeo counters, inherently satisfy differential privacy through their built-in randomization, enabling secure and space-efficient data aggregation for distributed surveys without requiring additional noise mechanisms.
This paper introduces AUTOTEE, the first LLM-based approach that automatically identifies, transforms, and ports sensitive functions from existing programs into Trusted Execution Environments (TEEs), achieving high accuracy and success rates in Java and Python while significantly reducing the manual effort and domain expertise required for developers.
This paper proposes a novel average-case approach for selecting BGV parameters that accurately models noise growth by accounting for dependencies between secret and public key errors, thereby enabling more efficient and secure parameter choices independent of specific library implementations.
This paper presents a fast and robust authentication method for optical Physical Unclonable Functions (PUFs) that utilizes the Scale Invariant Feature Transform (SIFT) algorithm to reliably extract unique features from speckle patterns, enabling secure verification even under geometric distortions like rotation, zooming, and cropping.
This study reveals that while Google trackers are more prevalent than Meta's, Meta's trackers are significantly more likely to be configured to collect sensitive Personally Identifying Information from web forms, a practice often encouraged by inaccurate documentation and default setup flows despite policy violations.