Search papers, labs, and topics across Lattice.
97 papers published across 5 labs.
Strategic red teaming can transform how organizations govern AI by systematically exposing and testing the assumptions behind their decisions.
A mere three poisoned samples can render a robot completely non-functional, highlighting a severe vulnerability in open-source robotics.
Reducing noise in differential privacy can lead to significant gains in model accuracy while still effectively mitigating reconstruction attacks.
A single poisoned rule can corrupt 85% of LLM context, exposing a critical vulnerability in mission control systems for IoBT.
Adversarial purification can be dramatically improved by focusing on patch-level semantics, leading to state-of-the-art performance in defending against adversarial attacks.
A mere three poisoned samples can render a robot completely non-functional, highlighting a severe vulnerability in open-source robotics.
Reducing noise in differential privacy can lead to significant gains in model accuracy while still effectively mitigating reconstruction attacks.
A single poisoned rule can corrupt 85% of LLM context, exposing a critical vulnerability in mission control systems for IoBT.
Adversarial purification can be dramatically improved by focusing on patch-level semantics, leading to state-of-the-art performance in defending against adversarial attacks.
Membership inference attacks can now be effectively executed across multiple generative modalities with a single, unified framework.
Agentic SABRE achieves perfect discrimination in ransomware detection while reducing false escalations by nearly 5%, showcasing a new paradigm in adaptive cybersecurity.
A novel robustness verification framework ensures that AUV-based plankton classifiers maintain stability in the face of environmental noise, reducing reliance on manual validation.
kNNGuard achieves superior safety classification for LLMs without the need for fine-tuning, running 2.7x faster than existing solutions.
A simple real-time monitor can match the performance of complex safety systems, proving that less can be more in LLM safety.
Privacy-enhancing coded computing can effectively shield distributed learning from adversarial attacks while maintaining model performance across various architectures.
Safety mechanisms for LLMs are dangerously ineffective in low-resource languages, with a new attack method achieving up to 96.7% success in exploiting these gaps.
Contextual state poisoning can be thwarted with a robust protocol that not only secures agent memory but also allows for traceable recovery from malicious alterations.
Strategic red teaming can transform how organizations govern AI by systematically exposing and testing the assumptions behind their decisions.
A two-signal audit can detect compromised refusal mechanisms in AI checkpoints with 95% accuracy, revealing significant flaws in existing runtime guard methods.
Gradient-based attacks can mislead by suggesting high robustness in XGBoost classifiers, while actually destabilizing their explanations.
Static scanners fail against adaptive evasions, but a new behavior-centric auditor can detect 97% of malicious skills with minimal false positives.
A novel backdoor attack method can embed multiple triggers in speech models while remaining imperceptible to human listeners.
BOUND slashes package hallucination rates by nearly 80%, safeguarding LLM-assisted software development from potential supply chain attacks.
Achieving up to 36.90% reduction in false positive rates, MARVEL transforms OOD detection for clinical AI systems by effectively addressing data imbalance and unseen cases.
High-capacity LiDAR detectors are more vulnerable to adversarial attacks than their predecessors, challenging the assumption that newer models are inherently more robust.
Clean label backdoor attacks can now bypass traditional defenses in speech classification systems, exposing critical vulnerabilities that were previously thought secure.
Targeted interventions can significantly enhance the robustness of CLIP models against Typographic Attacks without additional training, outperforming existing defense methods.
Models frequently misjudge safety across different intents, revealing critical vulnerabilities in AI completion systems that could lead to harmful outcomes.
Guardrail detection in LLMs can be achieved with 100% accuracy, revealing critical insights into AI safety mechanisms that could reshape adversarial strategies.
Evasion rates for distributed attacks on AI coding agents can exceed 65%, highlighting a critical vulnerability in persistent-state systems that traditional monitoring fails to address.
Vera reveals that existing LLM agents exhibit up to 93.9% vulnerability to multi-channel attacks, highlighting a significant gap in current safety evaluations.
Adversarial pragmatics reveals that existing safety evaluations often obscure critical distinctions in model behavior, making it harder to pinpoint the root causes of failures.
Adversaries can exploit structural vulnerabilities in function-calling LLMs to bypass safety measures, achieving high success rates with minimal effort.
Adversarial evasion attacks can be effectively countered with near-perfect detection rates by integrating reconstruction error tracking and perturbation consistency checks in both image and packet-feature spaces.
KidnapRAG reveals how a clever sequence of poisoned documents can subvert the reasoning of advanced RAG systems, showcasing a critical vulnerability in their design.
Minos achieves a remarkable average recall of 0.92 in tracking cyber attacks, showcasing the power of LLM-driven reasoning in forensic analysis.
Malicious apps can exploit third-party mobile agents to execute arbitrary commands without any elevated permissions, revealing a dangerous trust gap in agent design.
Adversarial purification can be revolutionized by a novel framework that introduces learnable positive-incentive noise, achieving robust ASV performance with minimal latency.
The first comprehensive framework for understanding the security risks and defenses of mobile on-device AI systems reveals critical gaps that could jeopardize user privacy and data integrity.
Aha-moment-driven backdoor attacks can redirect reasoning in VLMs while preserving output coherence, making them harder to detect.
Adversaries can exploit overthinking in LVLMs to induce inference delays of up to 6.96x, jeopardizing robotic safety and performance.
Standard cell libraries, often assumed to be secure, can be weaponized to stealthily insert Hardware Trojans, posing a critical risk to hardware integrity.
Tailored queries can expose the embedding model used in retrieval systems, even when adversaries only see unordered document sets.
Iterative regeneration reveals that memorized samples maintain coherence far better than non-members, transforming how we approach membership inference in generative models.
Textual refusal directions can be harnessed to enhance multimodal safety without the need for unsafe multimodal data, revealing a powerful alignment strategy.
Adopting adversarial distillation can boost certified accuracy by over 5% while maintaining robust performance, reshaping the landscape of certified training.
A new robustness measure reveals that neural networks can maintain accuracy under significant input noise, challenging assumptions about their vulnerability.
Membership inference attacks can exploit tabular ICL, but TabPATE offers a robust defense that preserves model utility without requiring public data.
Achieving optimal regret and constraint violation without relying on Slater's condition could revolutionize how we approach online convex optimization.
AutoSafe enables seamless integration of safety and performance in online reinforcement learning, achieving robust safety without sacrificing learning smoothness.
Overconfidence in LLM-generated code is rampant, with models often misjudging the security of their outputs, raising significant concerns for software safety.
Linking software vulnerabilities to attacker behaviors reveals critical insights for proactive threat mitigation in cybersecurity.
RAISE keeps LLM-based heuristics resilient, outperforming traditional methods by up to 19 times under real-world distribution shifts.
FLARE-AI transforms the fragmented AI flaw reporting landscape by enabling a single report to reach multiple stakeholders, enhancing collaboration and speeding up remediation efforts.
Hallucinations in task-oriented dialogue can be cut by nearly half using a simple guided recovery prompt, even in the face of database failures.
Triospect significantly outperforms existing detectors, achieving up to 22.3% better accuracy against 17 different adversarial attacks.
LLMs show significant vulnerability to logical fallacies, with distinct profiles of resilience that could inform future model training strategies.
PRT cuts testing costs by over 50% while improving failure detection in DRL agents by targeting failure-prone tasks.
Phantom achieves a remarkable 27.8% increase in deepfake protection success rates while maintaining high visual fidelity, redefining standards for facial privacy safeguards.
UTMOS is vulnerable to attacks that can manipulate perceived speech quality while preserving or degrading its predicted scores, revealing critical flaws in its robustness.
MAPE achieves over 95% defense rates against transferable adversarial attacks, setting a new benchmark for robustness in neural networks.
Late-stage vulnerabilities in Federated Learning can be effectively mitigated by a hybrid defense that amplifies adversarial signals, achieving a 2.3x reduction in backdoor attack success rates.
DEW achieves robust watermarking that withstands semantic shifts, outperforming existing methods in detection after paraphrasing and translation.
Trust boundaries in LLM systems are failing, allowing untrusted data to become executable instructions and amplifying model errors through delegated authority.
CSO-LLM achieves unprecedented backdoor detection accuracy in LLMs by leveraging implicit blacklisting and optimizing token embeddings.
Trust can be finely tuned in Byzantine CRDTs, allowing systems to maintain causal consistency even when participants turn malicious.
AI-generated C++ code is twice as likely to trigger runtime violations compared to human-written code, challenging the reliability of static analysis alone for safety evaluations.
AI-Infra-Guard reveals that a unified security framework can effectively address the diverse attack surfaces of AI agents, making it a game-changer for AI safety.
Memory poisoning attacks leave behind a detectable signature that can be identified with over 99% accuracy across various LLM architectures.
Parameter-level defenses against model merging are fundamentally flawed, allowing attackers to exploit their weaknesses with a new Anchor-Guided Attack.
Awareness of evolving manipulation costs can significantly enhance the robustness of algorithmic systems against strategic gaming.
Automated adversarial mitigation can now disrupt attacks while preserving network functionality, achieving a 46.7% success rate in real-world scenarios.
Querying the right samples can reduce black-box MIA costs by over 80% without sacrificing accuracy.
Achieving post-quantum security in 5G bootstrapping with 33x lower delay and 31x less overhead than prior methods could redefine secure communications in next-gen networks.
Stealthy near-infrared attacks can successfully manipulate traffic sign classification, posing significant risks to autonomous vehicle safety.
Balancing survivability and security in secret storage could redefine how we approach network resilience against both degradation and attacks.
CLIP can be harnessed to detect adversarial attacks without any prior knowledge of the attack type or underlying model, achieving state-of-the-art results in a black-box setting.
Adversarial attacks on Speech Emotion Recognition can now be both effective and interpretable, thanks to SIGMA's innovative saliency-guided approach.
RAPS-DA reveals that targeted peer specialization can dramatically enhance RAG performance by effectively managing knowledge conflicts without increasing model complexity.
Targeted low-rank repair can effectively detoxify backdoored LLMs without the need for full retraining, preserving benign behavior while suppressing malicious outputs.
Hidden harmful supervision can infiltrate training data without detection, undermining the effectiveness of current safety measures.
A single compromised communication edge can account for up to 75% of total attack success in multi-agent systems, revealing critical vulnerabilities that can be proactively mitigated.
Thousands of AI-Apps are leaking sensitive credentials and harboring vulnerabilities that could lead to arbitrary code execution, revealing a critical security crisis in the AI ecosystem.
No defense against prompt injection can achieve both high security and high fidelity, exposing a hidden cost that could compromise critical tasks in LLM applications.
Ownership of machine learning models can only be proven when the underlying concept class isn't self-correctable, revealing a critical vulnerability in model security.
LLM-generated PowerShell malware exhibits an alarming 84.5% similarity to real-world threats, underscoring a new frontier in cybersecurity risks.
GoodDiffusion's innovative use of learnable signatures can thwart unauthorized access while preserving high-quality outputs for legitimate users, a game-changer for copyright protection in generative models.
Forged watermarks in latent diffusion models are fundamentally limited by an irreducible distortion floor, revealing critical vulnerabilities in black-box settings.
LiDAR-based 3D object detectors can be compromised by targeting just a few critical spatial regions, revealing a significant structural vulnerability.
Adversarial attacks can flip the trajectory selection in generative driving planners, leading to a staggering 50% increase in collision rates.
A stealthy low-power backdoor attack can selectively manipulate semantic inference in shared-access wireless networks, exposing significant vulnerabilities in current SemCom systems.
Detection rates for harmful ASCII art plummet beyond certain resolution thresholds, exposing a critical vulnerability in VLM moderation systems.
Hallucinated outputs trigger unique gradient patterns in LLMs, enabling AURORA to achieve superior detection performance across diverse tasks and models.
Prompt-time defenses miss 50% of prefilling attacks, but a novel response-time probing method can eliminate these vulnerabilities entirely.
A well-defined operational envelope could revolutionize how we assess and mitigate risks in AI systems, ensuring safer deployments.
Legal accountability magnifies existing threats to autonomous agents in finance, revealing that security is more about practical compliance than novel attack vectors.
Transformers can be rigorously evaluated for their cryptographic capabilities, revealing upper bounds on their computational power that could redefine security in AI systems.
All tested LLMs are vulnerable to prompt injections, with non-English languages posing an even greater risk for generating malicious content.
Backdoor attacks on self-supervised models can be effectively countered without any reliance on labels or training data, achieving substantial performance gains across multiple attack types.
QuantGuard effectively neutralizes quantization-conditioned backdoor attacks, achieving attack success rates comparable to clean models without sacrificing performance.
OASIF achieves up to 16.9 percentage points improvement in instruction-following success rates for LLMs facing commercial-grade obfuscation, redefining the limits of automated binary analysis.
Specific audio transformations can fool deepfake detectors while preserving intelligibility, revealing vulnerabilities that can be exploited for targeted retraining.