Revisiting Data Auditing in Large Vision-Language Models
With the surge of large language models (LLMs), large vision-language models (VLMs), which integrate vision encoders with LLMs for accurate visual grounding, have shown great potential in tasks like generalist agents and robotic control. However, VLMs are typically trained on massive web-scraped...
Case Study: Fine-Tuning Small Language Models for Accurate and Private CWE Detection in Python Code
Large Language Models (LLMs) have demonstrated significant capabilities in understanding and analyzing code for security vulnerabilities, such as Common Weakness Enumerations (CWEs). However, their reliance on cloud infrastructure and substantial computational requirements pose challenges for analyzi...
Automatically Generating Rules of Malicious Software Packages Via Large Language Model
Today's security tools predominantly rely on predefined rules crafted by experts, making them poorly adapted to the emergence of software supply chain attacks. To tackle this limitation, we propose a novel tool, RuleLLM, which leverages large language models (LLMs) to automate rule generation for O...
Private Federated Learning Using Preference-Optimized Synthetic Data
In practical settings, differentially private federated learning (DP-FL) is the dominant method for training models from private, on-device client data. Recent work has suggested that DP-FL may be enhanced or outperformed by methods that use DP synthetic data (Wu et al., 2024; Hou et al., 2024). The...
GO-2025-3622 Mattermost doesn't restrict domains LLM can request to contact upstream in github.com/mattermost/mattermost-server
DoomArena: a Framework for Testing AI Agents against Evolving Security Threats
We present DoomArena, a security evaluation framework for AI agents. DoomArena is designed on three principles: (1) it is a plug-in framework and integrates easily into realistic agentic frameworks like BrowserGym for web agents and $\tau$-bench for tool-calling agents; (2) it is configurable and allows...
DualBreach: Efficient Dual-Jailbreaking Via Target-Driven Initialization and Multi-Target Optimization
Recent research has focused on exploring the vulnerabilities of Large Language Models (LLMs), aiming to elicit harmful and/or sensitive content from LLMs. However, due to the insufficient research on dual-jailbreaking (attacks targeting both LLMs and guardrails), the effectiveness of existing...
Do You Really Need Public Data? Surrogate Public Data for Differential Privacy on Tabular Data
Differentially private (DP) machine learning often relies on the availability of public data for tasks like privacy-utility trade-off estimation, hyperparameter tuning, and pretraining. While public data assumptions may be reasonable in text and image domains, they are less likely to hold for tabul...
A Data-Centric Approach for Safe and Secure Large Language Models against Threatening and Toxic Content
Large Language Models (LLMs) have made remarkable progress, but concerns about potential biases and harmful content persist. To address these apprehensions, we introduce a practical solution for ensuring LLMs' safe and ethical use. Our novel approach focuses on a post-generation correction mechanism...
Everything You Wanted to Know about LLM-Based Vulnerability Detection but Were Afraid to Ask
Large Language Models are a promising tool for automated vulnerability detection, thanks to their success in code generation and repair. However, despite widespread adoption, a critical question remains: Are LLMs truly effective at detecting real-world vulnerabilities? Current evaluations, which...
Multi-Stage Retrieval for Operational Technology Cybersecurity Compliance Using Large Language Models: a Railway Casestudy
Operational Technology Cybersecurity (OTCS) continues to be a dominant challenge for critical infrastructure such as railways. As these systems become increasingly vulnerable to malicious attacks due to digitalization, effective documentation and compliance processes are essential to protect these...
Artificial Intelligence – What's all the fuss?
Talking about AI: Definitions. Artificial Intelligence (AI) — AI refers to the simulation of human intelligence in machines, enabling them to perform tasks that typically require human intelligence, such as decision-making and problem-solving. AI is the broadest concept in this field, encompassing...
On the Feasibility of Using MultiModal LLMs to Execute AR Social Engineering Attacks
Augmented Reality (AR) and Multimodal Large Language Models (LLMs) are rapidly evolving, providing unprecedented capabilities for human-computer interaction. However, their integration introduces a new attack surface for social engineering. In this paper, we systematically investigate the feasibility...
InjectLab: a Tactical Framework for Adversarial Threat Modeling against Large Language Models
Large Language Models (LLMs) are changing the way people interact with technology. Tools like ChatGPT and Claude AI are now common in business, research, and everyday life. But with that growth comes new risks, especially prompt-based attacks that exploit how these models process language. InjectLa...
Provable Secure Steganography Based on Adaptive Dynamic Sampling
The security of private communication is increasingly at risk due to widespread surveillance. Steganography, a technique for embedding secret messages within innocuous carriers, enables covert communication over monitored channels. Provably Secure Steganography (PSS) is state of the art for making...
Making Acoustic Side-Channel Attacks on Noisy Keyboards Viable with LLM-Assisted Spectrograms' "Typo" Correction
The large-scale integration of microphones into devices increases the opportunities for Acoustic Side-Channel Attacks (ASCAs), as these can be used to capture keystrokes' audio signals that might reveal sensitive information. However, the current state-of-the-art (SOTA) models for ASCAs, including...
R-TPT: Improving Adversarial Robustness of Vision-Language Models through Test-Time Prompt Tuning
Vision-language models (VLMs), such as CLIP, have gained significant popularity as foundation models, with numerous fine-tuning methods developed to enhance performance on downstream tasks. However, due to their inherent vulnerability and the common practice of selecting from a limited set of...
Can LLMs Handle WebShell Detection? Overcoming Detection Challenges with Behavioral Function-Aware Framework
WebShell attacks, in which malicious scripts are injected into web servers, are a major cybersecurity threat. Traditional machine learning and deep learning methods are hampered by issues such as the need for extensive training data, catastrophic forgetting, and poor generalization. Recently, Lar...
Investigating Cybersecurity Incidents Using Large Language Models in Latest-Generation Wireless Networks
Purpose of the research: detection of cybersecurity incidents, analysis of decision support, and assessment of the effectiveness of countermeasures against information security threats, based on modern generative models. Research methods: emulation of signal propagation data in MIMO systems,...
Lunary security vulnerability
Lunary is an open source production toolkit for LLMs. An access control vulnerability exists in Lunary, stemming from improper access control on the /prompts/promptid endpoint; no detailed vulnerability information is available at this time...