12 matches found
Benchmarking-Agent-Architectures
Benchmarking Agent Architectures for LLM-Based Exploit Gener...
exploitation-validator
exploitation-validator, an Exploitability Validation System A...
Discovering Universal Activation Directions for PII Leakage in Language Models
Modern language models exhibit rich internal structure, yet little is known about how privacy-sensitive behaviors, such as personally identifiable information (PII) leakage, are represented and modulated within their hidden states. We present UniLeak, a mechanistic-interpretability framework that...
Evaluating Large Language Models for Security Bug Report Prediction
Early detection of security bug reports (SBRs) is critical for timely vulnerability mitigation. We present an evaluation of prompt-based engineering and fine-tuning approaches for predicting SBRs using Large Language Models (LLMs). Our findings reveal a distinct trade-off between the two approaches...
ReasoningBomb: A Stealthy Denial-Of-Service Attack by Inducing Pathologically Long Reasoning in Large Reasoning Models
Large reasoning models (LRMs) extend large language models with explicit multi-step reasoning traces, but this capability introduces a new class of prompt-induced inference-time denial-of-service (PI-DoS) attacks that exploit the high computational cost of reasoning. We first formalize inference cost...
PYSEC-2026-86
LlamaIndex (run-llama/llama_index) versions up to and including 0.12.2 contain an uncontrolled resource consumption vulnerability in the VannaPack (VannaQueryEngine) implementation. The custom_query logic generates SQL statements from a user-supplied prompt and executes them via vn.run_sql without...
Breaking to Build: a Threat Model of Prompt-Based Attacks for Securing LLMs
The proliferation of Large Language Models (LLMs) has introduced critical security challenges, where adversarial actors can manipulate input prompts to cause significant harm and circumvent safety alignments. These prompt-based attacks exploit vulnerabilities in a model's design, training, and...
CVE-2025-57771
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions prior to 3.25.5, Roo-Code fails to properly handle process substitution and single ampersand characters in the command parsing logic for auto-execute commands. If a user has enabled auto-approved execution...
When LLMs Copy to Think: Uncovering Copy-Guided Attacks in Reasoning LLMs
Large Language Models (LLMs) have become integral to automated code analysis, enabling tasks such as vulnerability detection and code comprehension. However, their integration introduces novel attack surfaces. In this paper, we identify and investigate a new class of prompt-based attacks, termed...
LLM-Stackelberg Games: Conjectural Reasoning Equilibria and Their Applications to Spearphishing
We introduce the framework of LLM-Stackelberg games, a class of sequential decision-making models that integrate large language models (LLMs) into strategic interactions between a leader and a follower. Departing from classical Stackelberg assumptions of complete information and rational agents, ou...
Security Assessment of DeepSeek and GPT Series Models against Jailbreak Attacks
The widespread deployment of large language models (LLMs) has raised critical concerns over their vulnerability to jailbreak attacks, i.e., adversarial prompts that bypass alignment mechanisms and elicit harmful or policy-violating outputs. While proprietary models like GPT-4 have undergone extensi...
shoplc.com XSS vulnerability
Vulnerable URL: https://www.shoplc.com/unbxdSearch/?topCatSearch=All=aaaaaaaaaaaaaaaaaa'-prompt/OPENBUGBOUNTY/-'
Details:

| Description | Value |
|---|---|
| Patched: | No |
| Latest check for patch: | 15.01.2018 |
| Vulnerability type: | XSS |
| Vulnerability status: | Publicly disclosed |
| Alexa Rank | 172361 |

VIP website...