DinoCompanion: an Attachment-Theory Informed Multimodal Robot for Emotionally Responsive Child-AI Interaction

Children's emotional development fundamentally relies on secure attachment relationships, yet current AI companions lack the theoretical foundation to provide developmentally appropriate emotional support. We introduce DinoCompanion, the first attachment-theory-grounded multimodal robot for...

Pushing the Limits of Safety: a Technical Report on the ATLAS Challenge 2025

Multimodal Large Language Models MLLMs have enabled transformative advancements across diverse applications but remain susceptible to safety threats, especially jailbreak attacks that induce harmful outputs. To systematically evaluate and improve their safety, we organized the Adversarial Testing...

InfoFlood: Jailbreaking Large Language Models with Information Overload

Large Language Models LLMs have demonstrated remarkable capabilities across various domains. However, their potential to generate harmful responses has raised significant societal and regulatory concerns, especially when manipulated by adversarial techniques known as "jailbreak" attacks. Existing...

UCD: Unlearning in LLMs Via Contrastive Decoding

Machine unlearning aims to remove specific information, e.g. sensitive or undesirable content, from large language models LLMs while preserving overall performance. We propose an inference-time unlearning algorithm that uses contrastive decoding, leveraging two auxiliary smaller models, one train...

One-shot Face Sketch Synthesis in the Wild via Generative Diffusion Prior and Instruction Tuning

Face sketch synthesis is a technique aimed at converting face photos into sketches. Existing face sketch synthesis research mainly relies on training with numerous photo-sketch sample pairs from existing datasets. However, these large-scale discriminative learning methods will have to face proble...

RAS-Eval: a Comprehensive Benchmark for Security Evaluation of LLM Agents in Real-World Environments

The rapid deployment of Large language model LLM agents in critical domains like healthcare and finance necessitates robust security frameworks. To address the absence of standardized evaluation benchmarks for these agents in dynamic environments, we introduce RAS-Eval, a comprehensive security...

ExtendAttack: Attacking Servers of LRMs via Extending Reasoning

Large Reasoning Models LRMs have demonstrated promising performance in complex tasks. However, the resource-consuming reasoning processes may be exploited by attackers to maliciously occupy the resources of the servers, leading to a crash, like the DDoS attack in cyber. To this end, we propose a...

Towards Effective Complementary Security Analysis Using Large Language Models

A key challenge in security analysis is the manual evaluation of potential security weaknesses generated by static application security testing SAST tools. Numerous false positives FPs in these reports reduce the effectiveness of security analysis. We propose using Large Language Models LLMs to...

SafeGenBench: a Benchmark Framework for Security Vulnerability Detection in LLM-Generated Code

The code generation capabilities of large language modelsLLMs have emerged as a critical dimension in evaluating their overall performance. However, prior research has largely overlooked the security risks inherent in the generated code. In this work, we introduce SafeGenBench, a benchmark...

Tech-ASan: Two-Stage Check for Address Sanitizer

Address Sanitizer ASan is a sharp weapon for detecting memory safety violations, including temporal and spatial errors hidden in C/C++ programs during execution. However, ASan incurs significant runtime overhead, which limits its efficiency in testing large software. The overhead mainly comes fro...

[SECURITY] Fedora 42 Update: golang-x-perf-0-0.28.20250326git02a15fd.fc42

This package holds the source for various tools related to performance measurement, storage, and analysis. - cmd/benchstat contains a command-line tool that computes and 7 compares statistics about benchmarks. - cmd/benchsave contains a command-line tool for publishing benchmark results. - storag...

[SECURITY] Fedora 41 Update: golang-x-perf-0-0.28.20250326git02a15fd.fc41

This package holds the source for various tools related to performance measurement, storage, and analysis. - cmd/benchstat contains a command-line tool that computes and 7 compares statistics about benchmarks. - cmd/benchsave contains a command-line tool for publishing benchmark results. - storag...

MAYA: Addressing Inconsistencies in Generative Password Guessing through a Unified Benchmark

Recent advances in generative models have led to their application in password guessing, with the aim of replicating the complexity, structure, and patterns of human-created passwords. Despite their potential, inconsistencies and inadequate evaluation methodologies in prior research have hindered...

Uncovering Reliable Indicators: Improving IoC Extraction from Threat Reports

Indicators of Compromise IoCs are critical for threat detection and response, marking malicious activity across networks and systems. Yet, the effectiveness of automated IoC extraction systems is fundamentally limited by one key issue: the lack of high-quality ground truth. Current extraction too...

LLMs Caught in the Crossfire: Malware Requests and Jailbreak Challenges

The widespread adoption of Large Language Models LLMs has heightened concerns about their security, particularly their vulnerability to jailbreak attacks that leverage crafted prompts to generate malicious outputs. While prior research has been conducted on general security capabilities of LLMs,...

LLM Unlearning Should Be Form-Independent

Large Language Model LLM unlearning aims to erase or suppress undesirable knowledge within the model, offering promise for controlling harmful or private information to prevent misuse. However, recent studies highlight its limited efficacy in real-world scenarios, hindering practical adoption. In...

SoK: Data Reconstruction Attacks against Machine Learning Models: Definition, Metrics, and Benchmark

Data reconstruction attacks, which aim to recover the training dataset of a target model with limited access, have gained increasing attention in recent years. However, there is currently no consensus on a formal definition of data reconstruction attacks or appropriate evaluation metrics for...

VPI-Bench: Visual Prompt Injection Attacks for Computer-Use Agents

Computer-Use Agents CUAs with full system access enable powerful task automation but pose significant security and privacy risks due to their ability to manipulate files, access user data, and execute arbitrary commands. While prior work has focused on browser-based agents and HTML-level attacks,...

Con Instruction: Universal Jailbreaking of Multimodal Large Language Models Via Non-Textual Modalities

Existing attacks against multimodal language models MLLMs primarily communicate instructions through text accompanied by adversarial images. In contrast, we exploit the capabilities of MLLMs to interpret non-textual instructions, specifically, adversarial images or audio generated by our novel...

Data Flows in You: Benchmarking and Improving Static Data-Flow Analysis on Binary Executables

Data-flow analysis is a critical component of security research. Theoretically, accurate data-flow analysis in binary executables is an undecidable problem, due to complexities of binary code. Practically, many binary analysis engines offer some data-flow analysis capability, but we lack...