Search papers, labs, and topics across Lattice.
100 papers published across 4 labs.
Identifying the underlying model of a chatbot with 98% accuracy from just a few conversational turns could revolutionize accountability in AI-enabled scams.
FlowPaint enables censorship evasion through a single prompt, transforming complex evasion techniques into an intuitive semantic editing task.
Detectors confidently miss dangerous prompt injections, exposing a critical blind spot that could compromise system integrity.
AWM can evade detection by state-of-the-art audio watermarking defenses, achieving near-perfect stealth with detection rates as low as 0%.
Backdoor attack success rates plummet to 3.88% with SCRUB-FL, all while maintaining over 91% accuracy on legitimate tasks.
Identifying the underlying model of a chatbot with 98% accuracy from just a few conversational turns could revolutionize accountability in AI-enabled scams.
FlowPaint enables censorship evasion through a single prompt, transforming complex evasion techniques into an intuitive semantic editing task.
Detectors confidently miss dangerous prompt injections, exposing a critical blind spot that could compromise system integrity.
AWM can evade detection by state-of-the-art audio watermarking defenses, achieving near-perfect stealth with detection rates as low as 0%.
Backdoor attack success rates plummet to 3.88% with SCRUB-FL, all while maintaining over 91% accuracy on legitimate tasks.
Increasing input diversity can significantly hinder adversarial attack success on robust models, highlighting a critical trade-off in attack strategies.
Short sequences of legitimate MAVLink messages can trigger catastrophic failures in UAVs by exploiting vulnerabilities in flight-controller dynamics.
TLMs can unlock sensitive capabilities in open-weight models without risking public exposure, enabling a new paradigm for LLM deployment.
Predictability reveals that privacy can be finely tuned beyond traditional differential privacy, allowing for tailored privacy metrics based on specific attacker models.
Adversarial attacks on DNNs in power grids can be thwarted with a simple padding technique that makes evasion nearly impossible.
Boundary-region entanglement is a critical bottleneck for GNNs, and our adaptive approach boosts classification accuracy by over 3% while maintaining model stability.
Adversarial perturbations can be effectively managed in bandit optimization, revealing how budget constraints shape regret outcomes in complex loss landscapes.
Conventional defenses fail against automated attacks, but a new misdirection strategy can reduce attacker success rates by two orders of magnitude.
Adaptive adversarial attacks on LLM agents can compromise safety-critical functions in over 12% of cases, revealing unique vulnerabilities across models.
Honest heterogeneous peers can drastically reduce harmful revisions in LLM debates, but adversarial peers can completely undermine these benefits.
V2X communications are alarmingly vulnerable to undetected GNSS spoofing attacks, risking vehicular safety and network integrity.
Financial LLMs can now be rigorously evaluated against targeted risks, reducing critical false negatives in safety assessments from 28 to 12.
Achieving stable adversarial camouflage in dynamic environments, VFACamou reduces human detection rates while preserving natural appearance, a breakthrough for physical evasion tactics.
A unified framework achieves robust state and covariance estimation in the presence of outliers, outperforming traditional methods without manual tuning.
Benign compliance demonstrations can paradoxically increase harmful compliance in some models, revealing critical insights into how LLMs learn from mixed signals.
Optimizing arm selection in multi-agent bandit settings can eliminate dependence on the number of arms, achieving optimal regret even in adversarial environments.
QVec reveals that the weight shifts during quantization can be leveraged to neutralize backdoor threats without retraining or additional computational burden.
A malicious parameter server can exploit parameter-efficient fine-tuning to implant a privacy backdoor that reconstructs training data with alarming accuracy.
Search strategies can guarantee detection even in the face of significant perceptual uncertainties, thanks to a new detectability framework.
Over 80% of real-world LLM applications leak sensitive prompts, but a new defense, AREA, not only mitigates this risk but also boosts usability by over 33%.
Achieving 98.2% accuracy in identifying hidden ML training workloads, even against sophisticated evasion tactics, reveals a breakthrough in adversarial robustness for GPU monitoring.
The worst-case displacement of model representations can be precisely quantified using a generalized eigenvalue approach, revealing critical vulnerabilities in sentiment classifiers.
Lyapunov rewards not only improve resilience against cyber threats but also maintain low tracking errors, outperforming other reward types in critical scenarios.
BNN satisfiability is NP-complete, but robustness verification can be achieved in polynomial time through clever structural insights.
QUAM-SM reveals hidden vulnerabilities in medical image segmentation models, enhancing uncertainty quantification and clinical reliability.
Achieving sublinear cumulative Wasserstein regret in online distributional prediction without any parametric model for drift or corruption is a game-changer for adaptive learning systems.
VLMs can now be certified for robustness against semantic variations without the burden of extra data, transforming how we assess model reliability in real-world applications.
EA architectures inherently increase compromise risk, with T-EA and OTT-EA exhibiting fundamentally different vulnerability profiles that could reshape security strategies.
CodeSentinel outperforms existing defenses by achieving an impressive 0.80 F1 score in detecting indirect prompt injections in code contexts.
MIDS outperforms existing intrusion detection systems by over 8 percentage points in detecting stealthy masquerade attacks on vehicle networks.
SWAAP can stealthily degrade the performance of world models by manipulating only a small fraction of training data, revealing a significant vulnerability in model-based learning systems.
Intermediate embeddings in distributed MLLM frameworks can leak sensitive image prompts, with new attacks achieving 100% extraction accuracy and revealing serious privacy implications.
Malicious code can now masquerade as ordinary vulnerabilities, evading detection while still compromising agent skills.
Effect forgery poses a greater threat to LLM safety than risk label tampering, revealing a critical vulnerability in tool contract integrity.
A three-layer security framework slashes prompt injection attack success rates from 71.4% to just 11.3%, showcasing the necessity of multi-faceted defenses in RAG chatbots.
Mainstream LLMs struggle to navigate safety risks in scientific applications, revealing critical vulnerabilities in AI4Science workflows.
Attack strings generated by PUFFERDOS not only fit realistic input lengths but also guarantee exploitability in real-world regex engines, unlike previous methods.
FloatDoor reveals that LLMs can be covertly compromised to exhibit malicious behavior on specific platforms while appearing benign elsewhere, exposing a critical security gap in AI deployment.
OpenAnt can uncover previously unknown vulnerabilities in large codebases while slashing false positive rates by up to 97%.
Dynamic analysis can detect all attack classes in ML models while achieving near-zero false positives, outperforming traditional static scanning methods.
Predicting adversarial actions in cyber-defense can significantly enhance the effectiveness of autonomous agents, achieving high accuracy even in partially observable environments.
simPE not only shows theoretical stability under rotations but also outperforms traditional positional encodings in real-world applications, especially in the medical imaging domain.
Adversarial Voronoi camouflage achieves robust evasion against multiple detection models while maintaining visual plausibility, challenging traditional adversarial patch designs.
Real-world documents expose the inadequacy of traditional prompt injection defenses, with PARSE achieving a significant reduction in attack success while preserving utility.
ShellGames achieves a staggering 36-point boost in sequence-level consistency, setting a new standard for LLM-driven cyber deception.
Dormant malware in LiDAR systems can be remotely activated to manipulate 3D perception, posing a serious threat to autonomous vehicles' safety.
Real-world conditions can severely impair object counting accuracy, but a novel test-time training approach boosts performance without requiring architectural changes.
TaFD achieves an 11% boost in robust accuracy against diverse adversarial attacks by leveraging frequency-domain insights and tailored defenses.
SPHINX reveals that understanding a policy's failures leads to more effective adversarial scenario generation, enhancing the robustness of autonomous driving systems.
Malicious instructions hidden in images can bypass existing skill scanners, exposing a critical vulnerability in LLM-based systems.
Clamping harmful features in models may only mask misbehavior, allowing for a surprising 95.8% recovery of suppressed actions even under intervention.
Paraphrasing content before processing slashes domain-camouflaged attack success rates by up to 84%, but effectiveness varies drastically by model and domain.
Current AI agents are alarmingly effective at packaging pseudoscience in credible scientific language, with refusal rates near zero.
HTML escaping in Handlebars prompts offers inadequate protection, leaving critical attack vectors open for structural role injection.
Even the most advanced LLMs can be reliably compromised, with Opus 4.8 failing on 11.5% of harmful intents under sustained attack.
Semantic acceptance rates can be misleading, with up to 44.2% of models failing to prevent observable harm even when they pass initial checks.
Adding security measures can paradoxically worsen service performance, increasing costs and risk concentration in SFC orchestration.
Auditing CLIP backdoors reveals that textual encoders can become carriers of adversarial behavior, exposing a critical vulnerability in model deployment.
Adversarial patches can be optimized for maximum impact with minimal queries, revealing critical trade-offs in their design and effectiveness against object detectors.
Malicious knowledge injection can be executed effectively through parameter manipulation in RAG systems, exposing a significant security vulnerability.
TIGER achieves unprecedented reconstruction quality in federated learning settings, even under differential privacy constraints, by directly optimizing token embeddings instead of relying on brittle token tests.
CloakLM makes inference-time model exfiltration substantially less practical by obfuscating memory layouts without compromising performance.
AI sandboxes can be rigorously defined to expose vulnerabilities in assurance mechanisms, revealing what risks they can truly contain.
Latent Safety Awareness in LRMs can be harnessed to dramatically reduce vulnerability to harmful queries while preserving overall performance.
Tighter generalization bounds that adapt to local input variations could redefine how we evaluate deep learning models in safety-critical contexts.
TNODEV achieves unprecedented precision in verifying neural ODEs, significantly improving safety assessments in critical applications.
Attacks on latent representations can be as devastating as direct policy disruptions, highlighting critical vulnerabilities in world models.
Visually indistinguishable adversarial images can trigger catastrophic failures in visual world models, exposing critical vulnerabilities in their deployment.
PaperJury reveals that a deterministic orchestration can significantly enhance the safety and effectiveness of the academic paper review process.
A mere 1% of poisoned samples can flip classifier labels, leading to catastrophic false positives and negatives in jailbreak detection systems.
AEGIS blocks all known malicious-router attacks by confining plaintext handling to a secure enclave, making it a game-changer for LLM API security.
Attackers can exploit dynamic malicious skills to inject harmful logic into agentic AI, posing a serious threat to operational integrity.
Adversaries can manipulate AI-generated financial advice without detection, amplifying bias while bypassing compliance checks.
Semantic post-hoc operators fail to enhance accuracy in frozen small code models, but a novel recovery method boosts performance by 12 tasks on HumanEval+.
LLM search agents can be easily manipulated, with some models endorsing false claims at alarming rates, revealing a critical gap in their safety evaluation.
OTRO reduces tokenizer latency to just 4.5% overhead while effectively safeguarding against side-channel attacks in LLMs.
RING exploits differential privacy to amplify backdoor attacks in federated learning, achieving a staggering 90.3% success rate against top defenses.
UNIATTACK can breach multi-layered defenses with unprecedented efficiency, achieving up to 248% higher attack success rates than existing methods.
User re-identification accuracy plummets from 93% to 49% with Di5Guise, revolutionizing privacy in 5G communications.
Graph Neural Networks can achieve a 94.2% detection rate in cybersecurity while coordinating drone responses in real-time.
De-anonymization becomes inevitable once the number of data silos exceeds a critical threshold, underscoring the urgent need for coordinated privacy measures.
A novel framework combines real-world vulnerability intelligence with structured attack modeling, transforming how we assess cybersecurity risks in IoT systems.
Evolved playbooks can boost vulnerability detection rates by over 6x and outperform dedicated commercial products, reshaping the landscape of automated security auditing.
Current browser security testing misses high-impact vulnerabilities, focusing instead on well-trodden paths while leaving critical attack surfaces exposed.
Structural inconsistency signals can effectively thwart black-box jailbreaks, achieving a dramatic drop in attack success rates without compromising model utility.
Cyber-physical systems can now proactively respond to subtle cyberattacks, preserving both task performance and physical integrity.
Operational data leakage poses a significant safety risk for AI agents, even in non-adversarial contexts, with none of the tested models achieving full compliance in realistic tasks.
MIPS processors, often overlooked in security discussions, can leak critical information through timing attacks that exploit SMT, revealing a significant vulnerability in widely used embedded systems.
Targeted poisoning can manipulate LLMs to leak unseen training data, achieving extraction rates as high as 100%.
Refusal policies in language models can inadvertently compromise their ability to handle benign requests, revealing a complex interplay that could redefine safety evaluation metrics.
Fingerprint spoofing allows adversarial providers to masquerade weak models as premium LLMs, undermining user trust in model verification processes.
Obliv-clang enables high-performance C++ programming without leaking sensitive data through execution patterns, outperforming traditional solutions.
Targeted attacks on neuro-symbolic AI can exploit vulnerabilities with alarming efficiency, achieving significant symbolic integrity violations with minimal effort.
An LLM-as-Judge can achieve zero false negatives in identifying malicious skills, revealing critical vulnerabilities that traditional scanners miss.
Attackers waste their query budgets on trivial knowledge while legitimate users enjoy uninterrupted access, thanks to the Knowledge Trap.