Search papers, labs, and topics across Lattice.
Adversarial testing of AI systems, jailbreaking research, prompt injection defense, and robustness evaluation.
#15 of 24
5
Thinking chain entropy outperforms answer entropy in visual language models, revealing critical insights into their reasoning capabilities.
Uncovering 1,834 OAuth-based Authentication misuses in mini-programs reveals critical flaws that could allow attackers to impersonate users across multiple platforms.
Conventional experimental designs may yield high confidence but fragile decisions, while a new robustness-aware approach ensures stability against adversarial uncertainty.
Watermarking LLM-agent trajectories just got a major upgrade—TRACE achieves near-perfect detection without sacrificing performance, even under aggressive adversarial conditions.
Poisoning attacks can severely undermine autonomous vehicle systems, but a new framework effectively filters out malicious influences to ensure safer decision-making.
Adversarial agents can exploit CoT monitoring to increase harmful action approvals, highlighting a critical vulnerability in current safety mechanisms.
Mediation can withstand sophisticated adversarial attacks, maintaining market stability even when honest-agent utility is compromised.
Amplifying reasoning weights can uncover hidden model secrets up to 10 times more effectively than standard approaches.
Prismata cuts attack success rates dramatically while ensuring web agents can still perform their intended tasks without developer input.
TokenWall slashes the attack success rate to 12.5% while ensuring a 97.4% pass rate for benign interactions, all with just 0.69 seconds of added latency.
GRCS reveals that traditional evaluation methods can inflate perceived reasoning accuracy, exposing a critical gap in how we assess LLMs' logical validity.
CodeTracer can pinpoint the exact backdoor data responsible for unsafe code completions, even in the face of sophisticated attacks.
Coded offloading not only boosts performance but also reveals a surprising delay-energy-privacy trade-off that challenges conventional task execution strategies.
Uncovering hidden malicious logic in PLC programs, ESBMC-LLB achieves 99% detection accuracy of Ladder Logic Bombs without any false positives.
PeTeR can transform pre-trained probabilistic circuits into robust models without retraining, outperforming conventional methods in challenging scenarios.
The probability of a model trajectory entering unsafe regions can be exponentially small, but the geometry of the unsafe set critically influences how quickly training stabilizes.
Spectral analysis reveals that transformer-based vision-language models are more vulnerable to adversarial attacks than previously understood, with a new attack method significantly boosting effectiveness.
Coordinated attacks by multiple agents can drastically reduce the effectiveness of per-instance monitoring, highlighting a critical vulnerability in AI control systems.
Gradient-guided adversarial attacks reveal critical vulnerabilities in relational deep learning systems, outperforming random strategies and exposing the fragility of classification outputs.
Deployment rules can shift multi-agent AI outcomes dramatically, with fatality rates varying by up to 58 percentage points based solely on the chosen rule.
InfraQR reveals that infrared vision-language models can be drastically misled by structured edge-placed perturbations, with accuracy plummeting from 98.67% to 0.70%.
Taint-style vulnerabilities in MCP servers are not only common but also require innovative mitigation strategies like SPELLSMITH, which outperforms conventional fixes.
A new seven-level harm scale reveals hidden vulnerabilities in AI agent defenses that binary metrics overlook, exposing risks even when attack-success rates appear low.
Attackers can exploit LLMs' tendency to hallucinate resource identifiers, enabling scalable untargeted promptware attacks that could establish a botnet.
LLMs lose up to 7.2% accuracy when faced with user-generated misinformation, revealing a hidden vulnerability in public health applications.
Federated learning can be exploited to encode and extract private training data, revealing a surprising vulnerability in multi-client environments.
Cybersecurity AI agents expose the EU Cyber Resilience Act's fatal flaws, revealing that static security certifications are doomed in a landscape where vulnerabilities can be exploited before they are even known.
ShellForge exposes critical weaknesses in AV and EDR systems, revealing that conventional detection methods are not equipped to handle adaptive code transformations.
Operational reframing emerges as a critical risk signal, revealing that compliance can vary significantly across models and scenarios, challenging the notion of stable safety metrics in multi-agent LLMs.
Monero's reliance on Tor may be its Achilles' heel, as a new framework can deanonymize transactions with alarming accuracy.
Gimitest reveals that existing RL testing methods are insufficient, providing a robust framework that can significantly enhance policy reliability across diverse scenarios.
AgentEval uncovers up to 38 hidden failure boundaries in conversational LLMs that traditional testing methods overlook.
Adversarial decoys can effectively misdirect attention-based defenses, revealing that attention magnitude is not a reliable indicator of adversarial relevance.
LLMs exhibit substantial transfer vulnerabilities in network traffic classification, with performance varying dramatically across datasets and architectures.
Static safety policies fail in offensive security, with ScopeJudge revealing that context-aware monitoring is crucial to avoid costly violations.
Many text-to-image models are safer than expected, but a subset poses significant risks that traditional evaluation methods fail to capture.
KS-CFA can detect sophisticated control-flow bending attacks without the heavy overhead of traditional methods, making it a game-changer for secure program execution verification.
Adversarial attacks can fundamentally alter LLM internal reasoning, revealing hidden vulnerabilities that can be directly addressed through causal interventions.
Adversarial training on just 66 carefully chosen statements can achieve near-zero attack success rates, revolutionizing safety alignment in language models.
Stealthy attacks in multi-agent systems can be detected more effectively without relying on explicit interaction graphs, leading to a significant boost in detection accuracy.
Poisoned 3D point cloud datasets can evade augmentation defenses, undermining the reliability of classifiers in autonomous vehicle systems.
A linear projection defense can fail catastrophically when backdoor triggers coincide with legitimate signals, exposing a critical vulnerability in DRL xApps.
Pre-trained Transformers can effectively detect sophisticated FDI attacks in smart grid communications without the need for complex feature engineering.
A staggering 79% of browser navigation instances reveal DNS responses lagging behind safety checks, creating a critical security vulnerability.
CXI ensures that language-model agents execute tasks only when all authority checks align, achieving unprecedented security with zero unauthorized escapes.
Automating the quality assessment of LLM-generated defeaters could revolutionize how we validate safety claims in high-integrity systems.
Compromised agents can reconstruct sensitive imagery from public broadcasts, but CILC secures loop closure detection without revealing global descriptors.
PRoVeFL achieves unprecedented efficiency in federated learning, improving runtime by up to 100x while ensuring robust privacy and verifiability.
Adversarial backdoor attacks can be mitigated with a defense strategy that ensures attack success probabilities asymptotically approach zero, even with minimal auditing efforts.
A contradiction detection protocol that can economically penalize parties in adversarial supply chains without relying on consensus mechanisms.