685 matches found
Swiss-Bench 003: Evaluating LLM Reliability and Adversarial Security for Swiss Regulatory Contexts
The deployment of large language models LLMs in Swiss financial and regulatory contexts demands empirical evidence of both production reliability and adversarial security, dimensions not jointly operationalized in existing Swiss-focused evaluation frameworks. This paper introduces Swiss-Bench 003...
Stop Fixating on Prompts: Reasoning Hijacking and Constraint Tightening for Red-Teaming LLM Agents
With the widespread application of LLM-based agents across various domains, their complexity has introduced new security threats. Existing red-team methods mostly rely on modifying user prompts, which lack adaptability to new data and may impact the agent's performance. To address the challenge,...
Hackers or Hallucinators? A Comprehensive Analysis of LLM-Based Automated Penetration Testing
The rapid advancement of Large Language Models LLMs has created new opportunities for Automated Penetration Testing AutoPT, spawning numerous frameworks aimed at achieving end-to-end autonomous attacks. However, despite the proliferation of related studies, existing research generally lacks...
Towards the Development of an LLM-Based Methodology for Automated Security Profiling in Compliance with Ukrainian Cybersecurity Regulations
In recent years, the pace of development of information technology in various areas has increased drastically, forcing cybersecurity specialists to constantly review existing processes in order to prevent unauthorized access to confidential information. Using Ukraine as a primary case study, this...
From Incomplete Architecture to Quantified Risk: Multimodal LLM-Driven Security Assessment for Cyber-Physical Systems
Cyber-physical systems often contend with incomplete architectural documentation or outdated information resulting from legacy technologies, knowledge management gaps, and the complexity of integrating diverse subsystems over extended operational lifecycles. This architectural incompleteness...
SkillSieve: A Hierarchical Triage Framework for Detecting Malicious AI Agent Skills
OpenClaw's ClawHub marketplace hosts over 13,000 community-contributed agent skills, and between 13% and 26% of them contain security vulnerabilities according to recent audits. Regex scanners miss obfuscated payloads; formal static analyzers cannot read the natural language instructions in...
Guiding Symbolic Execution with Static Analysis and LLMs for Vulnerability Discovery
Symbolic execution detects vulnerabilities with precision, but applying it to large codebases requires harnesses that set up symbolic state, model dependencies, and specify assertions. Writing these harnesses has traditionally been a manual process requiring expert knowledge, which significantly...
EUVD-2026-19351
vLLM is an inference and serving engine for large language models LLMs. From 0.1.0 to before 0.19.0, a Denial of Service vulnerability exists in the vLLM OpenAI-compatible API server. Due to the lack of an upper bound validation on the n parameter in the ChatCompletionRequest and CompletionReques...
LLM-Enabled Open-Source Systems in the Wild: An Empirical Study of Vulnerabilities in GitHub Security Advisories
Large language models LLMs are increasingly embedded in open-source software OSS ecosystems, creating complex interactions among natural language prompts, probabilistic model outputs, and execution-capable components. However, it remains unclear whether traditional vulnerability disclosure...
CoopGuard: Stateful Cooperative Agents Safeguarding LLMs against Evolving Multi-Round Attacks
As Large Language Models LLMs are increasingly deployed in complex applications, their vulnerability to adversarial attacks raises urgent safety concerns, especially those evolving over multi-round interactions. Existing defenses are largely reactive and struggle to adapt as adversaries refine...
Perceptual Gaps: ASCII Art and Overlapping Audio As CAPTCHA
As multimodal large language models LLMs advance, traditional CAPTCHAs have become obsolete at distinguishing humans from bots. To address this shift, this paper aims to investigate the possibility of using tasks for which humans have evolved highly specialised neural processing. We introduce two...
Combating Data Laundering in LLM Training
Data rights owners can detect unauthorized data use in large language model LLM training by querying with proprietary samples. Often, superior performance e.g., higher confidence or lower loss on a sample relative to the untrained data implies it was part of the training corpus, as LLMs tend to...
Automated Malware Family Classification Using Weighted Hierarchical Ensembles of Large Language Models
Malware family classification remains a challenging task in automated malware analysis, particularly in real-world settings characterized by obfuscation, packing, and rapidly evolving threats. Existing machine learning and deep learning approaches typically depend on labeled datasets, handcrafted...
PT-2026-29877
vLLM is an inference and serving engine for large language models LLMs. From version 0.5.5 to before version 0.18.0, Librosa defaults to using numpy.mean for mono downmixing to mono, while the international standard ITU-R BS.775-4 specifies a weighted downmixing algorithm. This discrepancy result...
Hidden Ads: Behavior Triggered Semantic Backdoors for Advertisement Injection in Vision Language Models
Vision-Language Models VLMs are increasingly deployed in consumer applications where users seek recommendations about products, dining, and services. We introduce Hidden Ads, a new class of backdoor attacks that exploit this recommendation-seeking behavior to inject unauthorized advertisements...
CVE-2026-27893
CVE-2026-27893 affects vLLM’s inference/serving engine. From version 0.10.1 up to (but not including) 0.18.0, two model implementation files hardcode trust_remote_code=True when loading sub-components, bypassing the user’s --trust-remote-code=False security opt-out. This enables remote code execu...
Shape and Substance: Dual-Layer Side-Channel Attacks on Local Vision-Language Models
On-device Vision-Language Models VLMs promise data privacy via local execution. However, we show that the architectural shift toward Dynamic High-Resolution preprocessing e.g., AnyRes introduces an inherent algorithmic side-channel. Unlike static models, dynamic preprocessing decomposes images in...
Towards Leveraging LLMs to Generate Abstract Penetration Test Cases from Software Architecture
Software architecture models capture early design decisions that strongly influence system quality attributes, including security. However, architecture-level security assessment and feedback are often absent in practice, allowing security weaknesses to propagate into later phases of the software...
TreeTeaming: Autonomous Red-Teaming of Vision-Language Models Via Hierarchical Strategy Exploration
The rapid advancement of Vision-Language Models VLMs has brought their safety vulnerabilities into sharp focus. However, existing red teaming methods are fundamentally constrained by an inherent linear exploration paradigm, confining them to optimizing within a predefined strategy set and...
Leveraging Large Language Models for Trustworthiness Assessment of Web Applications
The widespread adoption of web applications has made their security a critical concern and has increased the need for systematic ways to assess whether they can be considered trustworthy. However, "trust" assessment remains an open problem as existing techniques primarily focus on detecting known...