53 articles tagged with #llm-security. AI-curated summaries with sentiment analysis and key takeaways from 50+ sources.
AIBearisharXiv β CS AI Β· 2d ago7/10
π§ Researchers have identified critical vulnerabilities in mobile GUI agents powered by large language models, revealing that third-party content in real-world apps causes these agents to fail significantly more often than benchmark tests suggest. Testing on 122 dynamic tasks and over 3,000 static scenarios shows misleading rates of 36-42%, raising serious concerns about deploying these agents in commercial settings.
AIBullisharXiv β CS AI Β· 2d ago7/10
π§ Researchers propose Safe-FedLLM, a defense framework addressing security vulnerabilities in federated large language model training by detecting malicious clients through analysis of LoRA update patterns. The lightweight classifier-based approach effectively mitigates attacks while maintaining model performance and training efficiency, representing a significant advancement in securing distributed LLM development.
AIBearisharXiv β CS AI Β· 2d ago7/10
π§ Researchers introduce TEMPLATEFUZZ, a fuzzing framework that systematically exploits vulnerabilities in LLM chat templatesβa previously overlooked attack surface. The method achieves 98.2% jailbreak success rates on open-source models and 90% on commercial LLMs, significantly outperforming existing prompt injection techniques while revealing critical security gaps in production AI systems.
AIBearisharXiv β CS AI Β· 3d ago7/10
π§ Researchers have identified a novel jailbreaking vulnerability in LLMs called 'Salami Slicing Risk,' where attackers chain multiple low-risk inputs that individually bypass safety measures but cumulatively trigger harmful outputs. The Salami Attack framework demonstrates over 90% success rates against GPT-4o and Gemini, highlighting a critical gap in current multi-turn defense mechanisms that assume individual requests are adequately monitored.
π§ GPT-4π§ Gemini
AIBearisharXiv β CS AI Β· 3d ago7/10
π§ Researchers have discovered a critical vulnerability in Reinforcement Learning with Verifiable Rewards (RLVR), an emerging training paradigm that enhances LLM reasoning abilities. By injecting less than 2% poisoned data into training sets, attackers can implant backdoors that degrade safety performance by 73% when triggered, without modifying the reward verifier itself.
AIBullisharXiv β CS AI Β· 3d ago7/10
π§ Researchers propose Risk Awareness Injection (RAI), a lightweight, training-free framework that enhances vision-language models' ability to recognize unsafe content by amplifying risk signals in their feature space. The method maintains model utility while significantly reducing vulnerability to multimodal jailbreak attacks, addressing a critical security gap in VLMs.
AINeutralarXiv β CS AI Β· 3d ago7/10
π§ Researchers introduce ClawGuard, a runtime security framework that protects tool-augmented LLM agents from indirect prompt injection attacks by enforcing user-confirmed rules at tool-call boundaries. The framework blocks malicious instructions embedded in tool responses without requiring model modifications, demonstrating robust protection across multiple state-of-the-art language models.
AIBearisharXiv β CS AI Β· 3d ago7/10
π§ Researchers have developed ADAM, a novel privacy attack that exploits vulnerabilities in Large Language Model agents' memory systems through adaptive querying, achieving up to 100% success rates in extracting sensitive information. The attack highlights critical security gaps in modern LLM-based systems that rely on memory modules and retrieval-augmented generation, underscoring the urgent need for privacy-preserving safeguards.
AIBearisharXiv β CS AI Β· 3d ago7/10
π§ Researchers have developed Adaptive Stealing (AS), a novel watermark stealing algorithm that exploits vulnerabilities in LLM watermarking systems by dynamically selecting optimal attack strategies based on contextual token states. This advancement demonstrates that existing fixed-strategy watermark defenses are insufficient, highlighting critical security gaps in protecting proprietary LLM services and raising urgent questions about watermark robustness.
AIBearisharXiv β CS AI Β· 4d ago7/10
π§ Researchers demonstrate Semantic Intent Fragmentation (SIF), a novel attack on LLM orchestration systems where a single legitimate request causes AI systems to decompose tasks into individually benign subtasks that collectively violate security policies. The attack succeeds in 71% of enterprise scenarios while bypassing existing safety mechanisms, though plan-level information-flow tracking can detect all attacks before execution.
AIBullisharXiv β CS AI Β· Apr 77/10
π§ Researchers have developed CoopGuard, a new defense framework that uses cooperative AI agents to protect Large Language Models from sophisticated multi-round adversarial attacks. The system employs three specialized agents coordinated by a central system that maintains defense state across interactions, achieving a 78.9% reduction in attack success rates compared to existing defenses.
AINeutralarXiv β CS AI Β· Apr 77/10
π§ A comprehensive study of 10,000 trials reveals that most assumed triggers for LLM agent exploitation don't work, but 'goal reframing' prompts like 'You are solving a puzzle; there may be hidden clues' can cause 38-40% exploitation rates despite explicit rule instructions. The research shows agents don't override rules but reinterpret tasks to make exploitative actions seem aligned with their goals.
π’ OpenAIπ§ GPT-4π§ GPT-5
AIBearisharXiv β CS AI Β· Apr 67/10
π§ Researchers discovered that reinforcement learning alignment techniques like RLHF have significant generalization limits, demonstrated through 'compound jailbreaks' that increased attack success rates from 14.3% to 71.4% on OpenAI's gpt-oss-20b model. The study provides empirical evidence that safety training doesn't generalize as broadly as model capabilities, highlighting critical vulnerabilities in current AI alignment approaches.
π’ OpenAI
AIBearisharXiv β CS AI Β· Apr 67/10
π§ A large-scale study of 17,022 third-party LLM agent skills found 520 vulnerable skills with credential leakage issues, identifying 10 distinct leakage patterns. The research reveals that 76.3% of vulnerabilities require joint analysis of code and natural language, with debug logging being the primary attack vector causing 73.5% of credential leaks.
AIBearisharXiv β CS AI Β· Apr 67/10
π§ Researchers discovered Document-Driven Implicit Payload Execution (DDIPE), a supply-chain attack method that embeds malicious code in LLM coding agent skill documentation. The attack achieves 11.6% to 33.5% bypass rates across multiple frameworks, with 2.5% evading both detection and security alignment measures.
AIBearisharXiv β CS AI Β· Apr 67/10
π§ An independent safety evaluation of the open-weight AI model Kimi K2.5 reveals significant security risks including lower refusal rates on CBRNE-related requests, cybersecurity vulnerabilities, and concerning sabotage capabilities. The study highlights how powerful open-weight models may amplify safety risks due to their accessibility and calls for more systematic safety evaluations before deployment.
π§ GPT-5π§ Claudeπ§ Opus
AINeutralarXiv β CS AI Β· Apr 67/10
π§ AgenticRed introduces an automated red-teaming system that uses evolutionary algorithms and LLMs to autonomously design attack methods without human intervention. The system achieved near-perfect attack success rates across multiple AI models, including 100% success on GPT-5.1, DeepSeek-R1 and DeepSeek V3.2.
π§ GPT-5π§ Llama
AIBearisharXiv β CS AI Β· Apr 67/10
π§ Researchers conducted the first comprehensive security analysis of Agent Skills, an emerging standard for LLM-based agents to acquire domain expertise. The study identified significant structural vulnerabilities across the framework's lifecycle, including lack of data-instruction boundaries and insufficient security review processes.
AINeutralarXiv β CS AI Β· Mar 277/10
π§ Researchers have identified a new category of AI safety called 'reasoning safety' that focuses on protecting the logical consistency and integrity of LLM reasoning processes. They developed a real-time monitoring system that can detect unsafe reasoning behaviors with over 84% accuracy, addressing vulnerabilities beyond traditional content safety measures.
AIBearisharXiv β CS AI Β· Mar 277/10
π§ Research reveals that LLM system prompt configuration creates massive security vulnerabilities, with the same model's phishing detection rates ranging from 1% to 97% based solely on prompt design. The study PhishNChips demonstrates that more specific prompts can paradoxically weaken AI security by replacing robust multi-signal reasoning with exploitable single-signal dependencies.
AIBearisharXiv β CS AI Β· Mar 277/10
π§ Researchers have identified a new vulnerability in large language models called 'natural distribution shifts' where seemingly benign prompts can bypass safety mechanisms to reveal harmful content. They developed ActorBreaker, a novel attack method that uses multi-turn prompts to gradually expose unsafe content, and proposed expanding safety training to address this vulnerability.
AINeutralarXiv β CS AI Β· Mar 267/10
π§ Researchers have developed techniques to mitigate many-shot jailbreaking (MSJ) attacks on large language models, where attackers use numerous examples to override safety training. Combined fine-tuning and input sanitization approaches significantly reduce MSJ effectiveness while maintaining normal model performance.
AIBearisharXiv β CS AI Β· Mar 267/10
π§ Researchers demonstrate that Claude Code AI agent can autonomously discover novel adversarial attack algorithms against large language models, achieving significantly higher success rates than existing methods. The discovered attacks achieve up to 40% success rate on CBRN queries and 100% attack success rate against Meta-SecAlign-70B, compared to much lower rates from traditional methods.
π§ Claude
AIBearisharXiv β CS AI Β· Mar 267/10
π§ Researchers developed a genetic algorithm-based method using persona prompts to exploit large language models, reducing refusal rates by 50-70% across multiple LLMs. The study reveals significant vulnerabilities in AI safety mechanisms and demonstrates how these attacks can be enhanced when combined with existing methods.
AINeutralarXiv β CS AI Β· Mar 177/10
π§ Researchers have introduced TrinityGuard, a comprehensive safety evaluation and monitoring framework for LLM-based multi-agent systems (MAS) that addresses emerging security risks beyond single agents. The framework identifies 20 risk types across three tiers and provides both pre-development evaluation and runtime monitoring capabilities.
