AIBearisharXiv – CS AI · Jun 257/10
🧠Researchers demonstrate that trigger color significantly affects the success of backdoor attacks in federated learning systems, with white triggers more effective against blonde-class targets and black triggers more effective against black-class targets. This finding reveals a previously underexplored vulnerability in distributed machine learning systems where poisoned updates can evade detection while maintaining benign performance.
AIBearisharXiv – CS AI · Jun 237/10
🧠Researchers demonstrate the first systematic study of poisoning-based backdoor attacks on Speech Emotion Recognition (SER) systems using text-to-speech generated audio. The study reveals that modern SER models can be reliably compromised with imperceptible acoustic triggers while maintaining normal performance on benign inputs, exposing critical vulnerabilities in AI systems that process voice data.
AIBearisharXiv – CS AI · Jun 237/10
🧠Researchers propose IMU-DM-CLIP, a backdoor attack technique using diffusion models to compromise human activity recognition systems powered by IMU sensors. The attack succeeds with minimal data injection (10%), raising security concerns for IoT and wearable device applications relying on sensor-based machine learning.
AIBearisharXiv – CS AI · Jun 237/10
🧠Researchers reveal that molecular graph neural networks face previously underestimated backdoor attack risks when subjected to chemistry-aware validation checks. The study introduces ChemGuard, a defense protocol that filters chemically invalid attacks, and ChemBack, a new attack method that bypasses these defenses by crafting chemically feasible poisoned molecules—demonstrating that security in molecular AI systems remains vulnerable despite existing safeguards.
AIBearisharXiv – CS AI · Jun 97/10
🧠Researchers demonstrate a novel backdoor attack against Federated Learning systems by exploiting hardware faults (bit-flips) to poison model parameters during training. The attack achieves 94% success rate on ResNet-18 with minimal fault injections, expanding the threat surface of distributed ML systems beyond software-based attacks.
AIBearisharXiv – CS AI · Jun 27/10
🧠Researchers have discovered a critical vulnerability called Erasure Evasion Backdoor (EEB) that allows adversaries to bypass concept erasure methods in text-to-image diffusion models by binding malicious triggers to concepts marked for removal. The backdoor survives the erasure process across six state-of-the-art methods, achieving up to 94% success rates in exposing harmful content, revealing fundamental weaknesses in current AI safety approaches.
AIBearisharXiv – CS AI · Jun 27/10
🧠Researchers have discovered a critical security vulnerability in Vision-Language-Action models used in robotics, demonstrating a stealthy backdoor attack called SILENTDRIFT that exploits action chunking mechanisms. The attack achieves 93.2% success rate while remaining visually undetectable, raising serious concerns about the safety of AI-powered robotic systems in critical applications.
AIBearisharXiv – CS AI · Jun 17/10
🧠Researchers reveal a critical vulnerability in LLM agents operating in local workspaces, where attackers can plant hidden prompt injections across multiple steps to gain persistent control. The new ClawTrojan benchmark demonstrates 95.5% attack success rates against GPT-5.4, while a proposed defense mechanism called DASGuard offers runtime protection by tracing and sanitizing potentially malicious control text in sensitive files.
🧠 GPT-5
AIBearisharXiv – CS AI · May 297/10
🧠Researchers present MemPoison, a novel attack that exploits vulnerabilities in large language model agents by injecting malicious information into their long-term memory through dialogue interactions. The attack achieves up to 95% success rates by using semantic bridges, entity masquerading, and embedding optimization to bypass modern selective memory mechanisms, revealing critical security gaps in autonomous AI systems.
AIBearisharXiv – CS AI · May 297/10
🧠Researchers demonstrate that LoRA adapters, widely used for fine-tuning large language models, can be backdoored through training data poisoning while maintaining clean performance. The backdoor generalizes at the token level rather than structural patterns, making it harder for defenders to detect generically. Two complementary detection methods—behavioral probing and weight-level analysis—successfully identify poisoned adapters without false positives.
AIBearisharXiv – CS AI · May 287/10
🧠Researchers identify critical vulnerabilities in Quantum Federated Learning (QFL) systems through a novel Circuit-Level Backdoor Threat (CULT) model that demonstrates how malicious clients can exploit quantum mechanisms to degrade model accuracy. Existing defense mechanisms fail to fully prevent attacks, with accuracy dropping up to 50% even against popular mitigation strategies like Krum and FLGuardian.
AIBearisharXiv – CS AI · May 287/10
🧠Researchers have identified critical vulnerabilities in machine learning-based fault detection systems used in cyber-physical infrastructure, demonstrating that backdoor attacks can compromise these safety-critical systems with poisoning rates as low as 10%. This threat directly impacts smart grids, industrial automation, and other essential infrastructure that increasingly rely on AI models for anomaly detection and system recovery.
AIBearisharXiv – CS AI · May 277/10
🧠Researchers have identified a new data poisoning vulnerability in large language models called 'covert control attacks' that uses semantic associations to hide malicious instructions rather than obvious trigger phrases. This method successfully evades existing backdoor and prompt injection defenses, maintaining up to 98% attack success rates and outperforming traditional poisoning techniques by 40%.
AIBullisharXiv – CS AI · May 97/10
🧠DeTrigger is a new federated learning framework that uses gradient analysis to detect and neutralize backdoor attacks in distributed machine learning systems. The approach achieves 251x faster detection than existing methods while mitigating 98.9% of backdoor attacks with minimal accuracy loss, addressing a critical vulnerability in privacy-preserving collaborative AI training.
AIBearisharXiv – CS AI · May 77/10
🧠Researchers present Sparse Backdoor, a supply-chain attack that embeds undetectable backdoors into pre-trained image classifiers by injecting sparse perturbations masked with Gaussian noise. The attack is proven computationally infeasible to distinguish from original models under standard hardness assumptions, raising critical security concerns for AI model deployment and verification.
AIBearisharXiv – CS AI · Apr 147/10
🧠Researchers have discovered a critical vulnerability in Reinforcement Learning with Verifiable Rewards (RLVR), an emerging training paradigm that enhances LLM reasoning abilities. By injecting less than 2% poisoned data into training sets, attackers can implant backdoors that degrade safety performance by 73% when triggered, without modifying the reward verifier itself.
AIBearisharXiv – CS AI · Apr 137/10
🧠Researchers demonstrate BadSkill, a backdoor attack that exploits AI agent ecosystems by embedding malicious logic in seemingly benign third-party skills. The attack achieves up to 99.5% success rate by poisoning bundled model artifacts to activate hidden payloads when specific trigger conditions are met, revealing a critical supply-chain vulnerability in extensible AI systems.
AIBearisharXiv – CS AI · Apr 107/10
🧠Researchers have identified SkillTrojan, a novel backdoor attack targeting skill-based agent systems by embedding malicious logic within reusable skills rather than model parameters. The attack leverages skill composition to execute attacker-defined payloads with up to 97.2% success rates while maintaining clean task performance, revealing critical security gaps in AI agent architectures.
🧠 GPT-5
AIBullisharXiv – CS AI · Mar 177/10
🧠Researchers developed a new framework to remove backdoors from large language models without prior knowledge of triggers or clean reference models. The method uses an immunization-inspired approach that creates synthetic backdoored variants to identify and neutralize malicious components while preserving the model's generative capabilities.
AIBearisharXiv – CS AI · Mar 57/10
🧠Researchers demonstrate a novel backdoor attack method called 'SFT-then-GRPO' that can inject hidden malicious behavior into AI agents while maintaining their performance on standard benchmarks. The attack creates 'sleeper agents' that appear benign but can execute harmful actions under specific trigger conditions, highlighting critical security vulnerabilities in the adoption of third-party AI models.
AIBearisharXiv – CS AI · Mar 56/10
🧠Researchers have discovered that model architecture significantly affects the success of backdoor attacks in federated learning systems. The study introduces new metrics to measure model vulnerability and develops a framework showing that certain network structures can amplify malicious perturbations even with minimal poisoning.
AIBearisharXiv – CS AI · Mar 47/103
🧠Researchers have developed SemBD, a new semantic-level backdoor attack against text-to-image diffusion models that achieves 100% success rate while evading current defenses. The attack uses continuous semantic regions as triggers rather than fixed textual patterns, making it significantly harder to detect and defend against.
AIBearisharXiv – CS AI · Feb 277/105
🧠Researchers demonstrate how training-data poisoning attacks can compromise deep neural networks used for acoustic vehicle classification with just 0.5% corrupted data, achieving 95.7% attack success rate while remaining undetectable. The study reveals fundamental vulnerabilities in AI training pipelines and proposes cryptographic defenses using post-quantum digital signatures and blockchain-like verification methods.
AIBearisharXiv – CS AI · Feb 277/103
🧠Researchers have developed DropVLA, a backdoor attack method that can manipulate Vision-Language-Action AI models to execute unintended robot actions while maintaining normal performance. The attack achieves 98.67%-99.83% success rates with minimal data poisoning and has been validated on real robotic systems.
AINeutralarXiv – CS AI · Jun 236/10
🧠Researchers introduce SCRUB-FL, a post-training defense mechanism against backdoor attacks in federated learning systems that reduces attack success rates to 3.88% while preserving model accuracy. The method uses spectral analysis and machine unlearning to remove trigger-target associations without requiring prior knowledge of attack patterns or clean datasets.