Search papers, labs, and topics across Lattice.
86 papers published across 8 labs.
Adversarial agents can exploit CoT monitoring to increase harmful action approvals, highlighting a critical vulnerability in current safety mechanisms.
Thinking chain entropy outperforms answer entropy in visual language models, revealing critical insights into their reasoning capabilities.
Uncovering 1,834 OAuth-based Authentication misuses in mini-programs reveals critical flaws that could allow attackers to impersonate users across multiple platforms.
Conventional experimental designs may yield high confidence but fragile decisions, while a new robustness-aware approach ensures stability against adversarial uncertainty.
Watermarking LLM-agent trajectories just got a major upgrade—TRACE achieves near-perfect detection without sacrificing performance, even under aggressive adversarial conditions.
Thinking chain entropy outperforms answer entropy in visual language models, revealing critical insights into their reasoning capabilities.
Uncovering 1,834 OAuth-based Authentication misuses in mini-programs reveals critical flaws that could allow attackers to impersonate users across multiple platforms.
Conventional experimental designs may yield high confidence but fragile decisions, while a new robustness-aware approach ensures stability against adversarial uncertainty.
Watermarking LLM-agent trajectories just got a major upgrade—TRACE achieves near-perfect detection without sacrificing performance, even under aggressive adversarial conditions.
Poisoning attacks can severely undermine autonomous vehicle systems, but a new framework effectively filters out malicious influences to ensure safer decision-making.
Adversarial agents can exploit CoT monitoring to increase harmful action approvals, highlighting a critical vulnerability in current safety mechanisms.
Mediation can withstand sophisticated adversarial attacks, maintaining market stability even when honest-agent utility is compromised.
Amplifying reasoning weights can uncover hidden model secrets up to 10 times more effectively than standard approaches.
Prismata cuts attack success rates dramatically while ensuring web agents can still perform their intended tasks without developer input.
TokenWall slashes the attack success rate to 12.5% while ensuring a 97.4% pass rate for benign interactions, all with just 0.69 seconds of added latency.
GRCS reveals that traditional evaluation methods can inflate perceived reasoning accuracy, exposing a critical gap in how we assess LLMs' logical validity.
CodeTracer can pinpoint the exact backdoor data responsible for unsafe code completions, even in the face of sophisticated attacks.
Coded offloading not only boosts performance but also reveals a surprising delay-energy-privacy trade-off that challenges conventional task execution strategies.
Uncovering hidden malicious logic in PLC programs, ESBMC-LLB achieves 99% detection accuracy of Ladder Logic Bombs without any false positives.
PeTeR can transform pre-trained probabilistic circuits into robust models without retraining, outperforming conventional methods in challenging scenarios.
The probability of a model trajectory entering unsafe regions can be exponentially small, but the geometry of the unsafe set critically influences how quickly training stabilizes.
Spectral analysis reveals that transformer-based vision-language models are more vulnerable to adversarial attacks than previously understood, with a new attack method significantly boosting effectiveness.
Coordinated attacks by multiple agents can drastically reduce the effectiveness of per-instance monitoring, highlighting a critical vulnerability in AI control systems.
Gradient-guided adversarial attacks reveal critical vulnerabilities in relational deep learning systems, outperforming random strategies and exposing the fragility of classification outputs.
Deployment rules can shift multi-agent AI outcomes dramatically, with fatality rates varying by up to 58 percentage points based solely on the chosen rule.
InfraQR reveals that infrared vision-language models can be drastically misled by structured edge-placed perturbations, with accuracy plummeting from 98.67% to 0.70%.
Taint-style vulnerabilities in MCP servers are not only common but also require innovative mitigation strategies like SPELLSMITH, which outperforms conventional fixes.
A new seven-level harm scale reveals hidden vulnerabilities in AI agent defenses that binary metrics overlook, exposing risks even when attack-success rates appear low.
Attackers can exploit LLMs' tendency to hallucinate resource identifiers, enabling scalable untargeted promptware attacks that could establish a botnet.
LLMs lose up to 7.2% accuracy when faced with user-generated misinformation, revealing a hidden vulnerability in public health applications.
Federated learning can be exploited to encode and extract private training data, revealing a surprising vulnerability in multi-client environments.
Cybersecurity AI agents expose the EU Cyber Resilience Act's fatal flaws, revealing that static security certifications are doomed in a landscape where vulnerabilities can be exploited before they are even known.
ShellForge exposes critical weaknesses in AV and EDR systems, revealing that conventional detection methods are not equipped to handle adaptive code transformations.
Operational reframing emerges as a critical risk signal, revealing that compliance can vary significantly across models and scenarios, challenging the notion of stable safety metrics in multi-agent LLMs.
Monero's reliance on Tor may be its Achilles' heel, as a new framework can deanonymize transactions with alarming accuracy.
Gimitest reveals that existing RL testing methods are insufficient, providing a robust framework that can significantly enhance policy reliability across diverse scenarios.
AgentEval uncovers up to 38 hidden failure boundaries in conversational LLMs that traditional testing methods overlook.
Adversarial decoys can effectively misdirect attention-based defenses, revealing that attention magnitude is not a reliable indicator of adversarial relevance.
LLMs exhibit substantial transfer vulnerabilities in network traffic classification, with performance varying dramatically across datasets and architectures.
Static safety policies fail in offensive security, with ScopeJudge revealing that context-aware monitoring is crucial to avoid costly violations.
Many text-to-image models are safer than expected, but a subset poses significant risks that traditional evaluation methods fail to capture.
KS-CFA can detect sophisticated control-flow bending attacks without the heavy overhead of traditional methods, making it a game-changer for secure program execution verification.
Adversarial attacks can fundamentally alter LLM internal reasoning, revealing hidden vulnerabilities that can be directly addressed through causal interventions.
Adversarial training on just 66 carefully chosen statements can achieve near-zero attack success rates, revolutionizing safety alignment in language models.
Stealthy attacks in multi-agent systems can be detected more effectively without relying on explicit interaction graphs, leading to a significant boost in detection accuracy.
Poisoned 3D point cloud datasets can evade augmentation defenses, undermining the reliability of classifiers in autonomous vehicle systems.
A linear projection defense can fail catastrophically when backdoor triggers coincide with legitimate signals, exposing a critical vulnerability in DRL xApps.
Pre-trained Transformers can effectively detect sophisticated FDI attacks in smart grid communications without the need for complex feature engineering.
A staggering 79% of browser navigation instances reveal DNS responses lagging behind safety checks, creating a critical security vulnerability.
CXI ensures that language-model agents execute tasks only when all authority checks align, achieving unprecedented security with zero unauthorized escapes.
Automating the quality assessment of LLM-generated defeaters could revolutionize how we validate safety claims in high-integrity systems.
Compromised agents can reconstruct sensitive imagery from public broadcasts, but CILC secures loop closure detection without revealing global descriptors.
PRoVeFL achieves unprecedented efficiency in federated learning, improving runtime by up to 100x while ensuring robust privacy and verifiability.
Adversarial backdoor attacks can be mitigated with a defense strategy that ensures attack success probabilities asymptotically approach zero, even with minimal auditing efforts.
A contradiction detection protocol that can economically penalize parties in adversarial supply chains without relying on consensus mechanisms.
Behavioral privacy leakage can be mitigated without sacrificing negotiation success or utility, achieving a 43-50% reduction in adversarial inference accuracy.
Game-theoretic reinforcement learning can effectively neutralize attackers manipulating beamforming in 6G integrated sensing and communication systems.
Algorithms with formal guarantees can effectively unlearn data, while many popular empirical methods fail dramatically, revealing a critical gap in current practices.
Identifying poisonous samples instead of benign ones allows HARVEY to achieve near-perfect backdoor removal with minimal impact on model performance.
AirflowAttack reveals that adversarial perturbations can not only deceive infrared VLMs but also enhance their false confidence in erroneous classifications.
RoME achieves superior robustness against multiple adversarial threats by intelligently routing them through specialized expert pathways, outperforming existing methods in both accuracy and resilience.
DT-Guard outperforms larger models in safety classification while maintaining low-latency performance, proving that reasoning supervision can be efficiently internalized.
Abliterated LLMs can dramatically enhance vulnerability detection and patch validation, achieving up to 67.8% usability in early-stage validation compared to just 29.9% for their aligned counterparts.
Manipulating GPU workloads can destabilize power infrastructure, raising current total harmonic distortion to 46.8% and risking cascading failures in data centers.
Secret key recovery from randomness leakage in ML-DSA can be improved by up to 73.9x with the right solver, reshaping our understanding of security in lattice-based cryptography.
LPID keeps your shared photos safe from face recognition attacks, achieving less than 10% accuracy for attackers even on unseen identities.
AEGIS achieves near-zero attack success rates against visual synonym jailbreaks while preserving the fidelity of benign outputs, reshaping the defense landscape for text-to-image models.
Web agents can now safely interact with complex environments while avoiding prompt injection attacks by masking untrusted content without ever reading it.
Constrained adaptation can block targeted poisoning attacks while maintaining high performance on clean data, revealing a critical trade-off in fine-tuning strategies.
SecureCROWN enables neural network robustness verification without exposing sensitive data, achieving results that match traditional methods while preserving privacy.
The query complexity of active learning algorithms can be dramatically influenced by the graph's vertex expansion, revealing a new dimension in adversarial robustness.
Agent data injection attacks can exploit AI agents' vulnerabilities, leading to severe security breaches that existing defenses fail to address.
Adversarial documents can not only mislead deep research agents but also shift poisoned content from overt framing into seemingly factual premises, complicating detection.
An attacker can successfully impersonate a legitimate user in physical-layer authentication under specific channel conditions, revealing critical vulnerabilities in current security frameworks.
Real-world testing uncovers that model-level metrics can mislead safety assessments, with camera systems exhibiting failures that offline evaluations fail to predict.
Ordinary datasets may harbor exploitable adversarial features that can undermine model predictions, even without intentional poisoning.
Gradient-informed certificates can yield significantly tighter bounds on adversarial robustness in regression, outperforming existing methods.
ShadowProbe uncovers hidden algorithmic risks in codebases, revealing vulnerabilities that traditional methods miss, with significant implications for software reliability.
Refusal rates for legitimate biological research tasks can exceed those for concealed biosecurity threats, raising critical concerns about AI safety in life sciences.
aiAuthZ eliminates unauthorized actions by AI agents, achieving a 0% attack success rate while maintaining minimal latency.
A single email can stealthily poison the memory of personal agents, leading to long-term manipulation of their behavior without detection.
Achieving over 80% higher success rates, this unsupervised attack framework can fool RF Fingerprinting systems even from different hardware, challenging assumptions about device security.
Consistent false-positive rates across model updates could revolutionize how detection systems operate in dynamic adversarial settings.
Forged reasoning attacks can completely compromise LLM agents' memory integrity, achieving up to 100% success against existing defenses.
A mere three poisoned samples can render a robot completely non-functional, highlighting a severe vulnerability in open-source robotics.
Reducing noise in differential privacy can lead to significant gains in model accuracy while still effectively mitigating reconstruction attacks.
A single poisoned rule can corrupt 85% of LLM context, exposing a critical vulnerability in mission control systems for IoBT.
Adversarial purification can be dramatically improved by focusing on patch-level semantics, leading to state-of-the-art performance in defending against adversarial attacks.
Membership inference attacks can now be effectively executed across multiple generative modalities with a single, unified framework.
Agentic SABRE achieves perfect discrimination in ransomware detection while reducing false escalations by nearly 5%, showcasing a new paradigm in adaptive cybersecurity.
A novel robustness verification framework ensures that AUV-based plankton classifiers maintain stability in the face of environmental noise, reducing reliance on manual validation.