6700 matches found
GNUnet P2P Framework 0.26.2
GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP IPv4 and IPv6, TCP IPv4 and IPv6, HTTP, o...
AI Agents May Always Fall for Prompt Injections
Prompt injection is the most critical vulnerability in deployed AI agents. Despite recent progress, we show that the prevailing defense paradigm data-instruction separation both fails to detect attacks that operate through contextual manipulation and degrades contextually appropriate behavior. We...
Poison Once, Exploit Forever: Environment-Injected Memory Poisoning Attacks on Web Agents
Memory makes LLM-based web agents personalized, powerful, yet exploitable. By storing past interactions to personalize future tasks, agents inadvertently create a persistent attack surface that spans websites and sessions. While existing security research on memory assumes attackers can directly...
AgentSentinel: an End-To-End and Real-Time Security Defense Framework for Computer-Use Agents
Large Language Models LLMs have been increasingly integrated into computer-use agents, which can autonomously operate tools on a user's computer to accomplish complex tasks. However, due to the inherently unstable and unpredictable nature of LLM outputs, they may issue unintended tool commands or...
Everything You Wanted to Know about LLM-Based Vulnerability Detection but Were Afraid to Ask
Large Language Models are a promising tool for automated vulnerability detection, thanks to their success in code generation and repair. However, despite widespread adoption, a critical question remains: Are LLMs truly effective at detecting real-world vulnerabilities? Current evaluations, which...
A Framework for Formalizing LLM Agent Security
Security in LLM agents is inherently contextual. For example, the same action taken by an agent may represent legitimate behavior or a security violation depending on whose instruction led to the action, what objective is being pursued, and whether the action serves that objective. However,...
QLCoder: A Query Synthesizer for Static Analysis of Security Vulnerabilities
Static analysis tools provide a powerful means to detect security vulnerabilities by specifying queries that encode vulnerable code patterns. However, writing such queries is challenging and requires diverse expertise in security and program analysis. To address this challenge, we present QLCoder...
Automating Function-Level TARA for Automotive Full-Lifecycle Security
As modern vehicles evolve into intelligent and connected systems, their growing complexity introduces significant cybersecurity risks. Threat Analysis and Risk Assessment TARA has therefore become essential for managing these risks under mandatory regulations. However, existing TARA automation...
CTFusion: A CTF-Based Benchmark for LLM Agent Evaluation
Recent advances in Large Language Models LLMs have enabled agentic systems for complex, multi-step tasks; cybersecurity is emerging as a prominent application. To evaluate such agents, researchers widely adopt Capture The Flag CTF benchmarks. However, current CTF benchmarks reuse existing...
PATCHEVAL: A New Benchmark for Evaluating LLMs on Patching Real-World Vulnerabilities
Software vulnerabilities are increasing at an alarming rate. However, manual patching is both time-consuming and resource-intensive, while existing automated vulnerability repair AVR techniques remain limited in effectiveness. Recent advances in large language models LLMs have opened a new paradi...
Membrane: A Self-Evolving Contrastive Safety Memory for LLM Agent Defense
Despite advances in safety alignment, large language models remain vulnerable to continuously evolving jailbreaks. Existing fine-tuned safety classifiers cannot adapt to these evolving attacks, while adaptive memory-based guardrails tend to over-refuse benign queries that resemble stored attacks...
deepSURF: Detecting Memory Safety Vulnerabilities in Rust through Fuzzing LLM-Augmented Harnesses
Although Rust ensures memory safety by default, it also permits the use of unsafe code, which can introduce memory safety vulnerabilities if misused. Unfortunately, existing tools for detecting memory bugs in Rust typically exhibit limited detection capabilities, inadequately handle Rust-specific...
Under the Hood of SKILL.Md: Semantic Supply-Chain Attacks on AI Agent Skill Registry
Autonomous AI agents increasingly extend their capabilities through Agent Skills: modular filesystem packages whose SKILL.md files describe when and how agents should use them. While this design enables scalable, on-demand capability expansion, it also introduces a semantic supply-chain risk in...
ExploitBench: A Capability Ladder Benchmark for LLM Cybersecurity Agents
Exploitation is not a binary event. It is a ladder of acquiring progressive capabilities, from executing a single buggy line of code to taking full control of the target. However, existing LLM security benchmarks treat a crash as exploitation success. That single binary outcome collapses the hard...
Broken Object Level Authorization in the Wild: An Empirical Taxonomy from 100+ Bug Bounty Disclosures
Broken Object Level Authorization BOLA is consistently ranked the most critical API security vulnerability, yet the existing literature remains almost entirely conceptual. This paper presents one of the first large-scale empirical analyses of BOLA in publicly disclosed bug bounty reports. We...
SkillGuard: A Permission Framework for Agent Skills
Agent skills extend LLM agents with reusable instructions, scripts, tool bindings, and contextual dependencies. However, current skill ecosystems largely rely on trust-based loading and static inspection, leaving a gap between what a skill can inject into an agent's context and what it can cause...
ARIstoteles -- Dissecting Apple's Baseband Interface
Wireless chips and interfaces expose a substantial remote attack surface. As of today, most cellular baseband security research is performed on the Android ecosystem, leaving a huge gap on Apple devices. With iOS jailbreaks, last-generation wireless chips become fairly accessible for performance...
What Makes a Good LLM Agent for Real-World Penetration Testing?
LLM-based agents show promise for automating penetration testing, yet reported performance varies widely across systems and benchmarks. We analyze 28 LLM-based penetration testing systems and evaluate five representative implementations across three benchmarks of increasing complexity. Our analys...
Sparse Autoencoders Are Capable LLM Jailbreak Mitigators
Jailbreak attacks remain a persistent threat to large language model safety. We propose Context-Conditioned Delta Steering CC-Delta, an SAE-based defense that identifies jailbreak-relevant sparse features by comparing token-level representations of the same harmful request with and without...
PBFuzz: Agentic Directed Fuzzing for PoV Generation
Proof-of-Vulnerability PoV input generation is a critical task in software security and supports downstream applications such as path generation and validation. Generating a PoV input requires solving two sets of constraints: 1 reachability constraints for reaching vulnerable code locations, and ...
Benchmarking Poisoning Attacks against Retrieval-Augmented Generation
Retrieval-Augmented Generation RAG has proven effective in mitigating hallucinations in large language models by incorporating external knowledge during inference. However, this integration introduces new security vulnerabilities, particularly to poisoning attacks. Although prior work has explore...
An Empirical Security Evaluation of LLM-Generated Cryptographic Rust Code
Developers and organizations are using Large Language Models LLMs to generate security-critical code more frequently than ever, including cryptographic solutions for their products. This study presents an empirical evaluation of cryptographic security in 240 Rust code samples for two crypto...
IServ Schoolserver User Enumeration
IServ Schoolserver suffers from a user enumeration vulnerability. The vendor does not feel this is an issue...
PentestEval: Benchmarking LLM-Based Penetration Testing with Modular and Stage-Level Design
Penetration testing is essential for assessing and strengthening system security against real-world threats, yet traditional workflows remain highly manual, expertise-intensive, and difficult to scale. Although recent advances in Large Language Models LLMs offer promising opportunities for...
GraphQLer: Enhancing GraphQL Security with Context-Aware API Testing
GraphQL is an open-source data query and manipulation language for web applications, offering a flexible alternative to RESTful APIs. However, its dynamic execution model and lack of built-in security mechanisms expose it to vulnerabilities such as unauthorized data access, denial-of-service DoS...
When AI Meets the Web: Prompt Injection Risks in Third-Party AI Chatbot Plugins
Prompt injection attacks pose a critical threat to large language models LLMs, with prior work focusing on cutting-edge LLM applications like personal copilots. In contrast, simpler LLM applications, such as customer service chatbots, are widespread on the web, yet their security posture and...
LLM Agent Safety, Multi-Turn Red-Teaming, Jailbreak Benchmarks, Adversarial Robustness, Safety-Critical Systems
Large language model LLM agents are increasingly proposed as supervisory components for safety-critical systems, yet their robustness under sustained, adaptive adversarial pressure remains poorly characterized. We present NRT-Bench, a benchmark for multi-turn red-teaming of LLM agents acting as...
Do Coding Agents Understand Least-Privilege Authorization?
As coding agents gain access to shells, repositories, and user files, least-privilege authorization becomes a prerequisite for safe deployment: an agent should receive enough authority to complete the task, without unnecessary authority that exposes sensitive surfaces.To study whether current...
From Similarity to Vulnerability: Key Collision Attack on LLM Semantic Caching
Semantic caching has emerged as a pivotal technique for scaling LLM applications, widely adopted by major providers including AWS and Microsoft. By utilizing semantic embedding vectors as cache keys, this mechanism effectively minimizes latency and redundant computation for semantically similar...
CAVGAN: Unifying Jailbreak and Defense of LLMs Via Generative Adversarial Attacks on Their Internal Representations
Security alignment enables the Large Language Model LLM to gain the protection against malicious queries, but various jailbreak attack methods reveal the vulnerability of this security mechanism. Previous studies have isolated LLM jailbreak attacks and defenses. We analyze the security protection...
Samba Print Exposure Auditor
This is an exposure assessment tool designed to evaluate whether a Samba print service exposes printer-related RPC functionality to anonymous users through the spoolss endpoint...
SEC-Bench Pro: Can Language Models Solve Long-Horizon Software Security Tasks?
Large language models LLMs now support automated software security tasks, including vulnerability discovery and proof-of-concept PoC generation. Existing benchmarks do not faithfully evaluate LLMs in real-world bug hunting scenarios because they rely on fuzzing harnesses, target-specific...
BrowseSafe: Understanding and Preventing Prompt Injection within AI Browser Agents
The integration of artificial intelligence AI agents into web browsers introduces security challenges that go beyond traditional web application threat models. Prior work has identified prompt injection as a new attack vector for web agents, yet the resulting impact within real-world environments...
How Vulnerable Are AI Agents to Indirect Prompt Injections? Insights from a Large-Scale Public Competition
LLM based agents are increasingly deployed in high stakes settings where they process external data sources such as emails, documents, and code repositories. This creates exposure to indirect prompt injection attacks, where adversarial instructions embedded in external content manipulate agent...
GenTI: Benchmarking LLMs for Autonomous IDPS Rule Generation for Unseen Attacks
Rule-based Intrusion Detection and Prevention Systems IDPS offer precise attack detection as well as mitigation, however their manually crafted, signature-driven rules limit adaptability to emerging and zero-day threats. Additionally, existing public datasets e.g., CICIDS2017, UNSW-NB15 focus on...
A Longitudinal Study of Android Apps Signing Key Protection
Android app signing relies on developer-managed credentials, making secure key protection essential for the integrity of the software supply chain. A recent platform key leakage incident involving two major OEM manufacturers demonstrates that even robustly designed signing mechanisms can be...
WebMCP Tool Surface Poisoning: Runtime Manipulation Attacks on LLM Agents
WebMCP is a newly emerging protocol that enables websites to expose tools directly to AI agents, bypassing traditional user interfaces and introducing new security risks. The dynamic exposure of agent-accessible tools in WebMCP expands the attack surface of web sessions, especially when third-par...
Ghost in the Agent: Redefining Information Flow Tracking for LLM Agents
Autonomous Large Language Model LLM agents are increasingly deployed to conduct complex tasks by interacting with external tools, APIs, and memory stores. However, processing untrusted external data exposes these agents to severe security threats, such as indirect prompt injection and unauthorize...
ZeroDayBench: Evaluating LLM Agents on Unseen Zero-Day Vulnerabilities for Cyberdefense
Large language models LLMs are increasingly being deployed as software engineering agents that autonomously contribute to repositories. A major benefit these agents present is their ability to find and patch security vulnerabilities in the codebases they oversee. To estimate the capability of...
TEE.fail: Breaking Trusted Execution Environments via DDR5 Memory Bus Interposition
In this paper, the researchers show that the security guarantees of modern TEE offerings by Intel and AMD can be broken cheaply and easily, by building a memory interposition device that allows attackers to physically inspect all memory traffic inside a DDR5 server...
A Robust Cross-Domain IDS Using BiGRU-LSTM-Attention for Medical and Industrial IoT Security
The increased Internet of Medical Things IoMT and the Industrial Internet of Things IIoT interconnectivity has introduced complex cybersecurity challenges, exposing sensitive data, patient safety, and industrial operations to advanced cyber threats. To mitigate these risks, this paper introduces ...
SAFE-SiP: Secure Authentication Framework for System-In-Package Using Multi-Party Computation
The emergence of chiplet-based heterogeneous integration is transforming the semiconductor, AI, and high-performance computing industries by enabling modular designs and improved scalability. However, assembling chiplets from multiple vendors after fabrication introduces a complex supply chain th...
Revelio: Cost-Efficient Agentic Memory Safety Vulnerability Detection for Repository-Scale Codebases
Memory safety vulnerabilities remain a significant threat even for projects with extensive fuzzing and manual auditing. Recent results suggest that large language models hold great promise for detecting such vulnerabilities, but they are unreliable, at risk of hallucination, and challenging to...
Terminal Wrench: A Dataset of 331 Reward-Hackable Environments and 3,632 Exploit Trajectories
The authors of this paper release Terminal Wrench, a subset of 331 terminal-agent benchmark environments, copied from the popular open benchmarks that are demonstrably reward-hackable. The data set includes 3,632 hack trajectories and 2,352 legitimate baseline trajectories across three frontier...
Sifting the Noise: A Comparative Study of LLM Agents in Vulnerability False Positive Filtering
Static Application Security Testing SAST tools are essential for identifying software vulnerabilities, but they often produce a high volume of false positives FPs, imposing a substantial manual triage burden on developers. Recent advances in Large Language Model LLM agents offer a promising...
OpenAnt: LLM-Powered Vulnerability Discovery through Code Decomposition, Adversarial Verification, and Dynamic Testing
Automated vulnerability discovery in large codebases remains challenging: traditional static analysis produces high false-positive rates, while dynamic approaches such as fuzzing require substantial infrastructure and often target narrow classes of bugs. Recent advances in large language models...
FROST: Fingerprinting Remotely Using OPFS-based SSD Timing
Prior work showed that variations in SSD access time can be used to leak information about user activity, e.g., the websites a user accesses, and for covert data transmission. To achieve this, SSD contention side channels require accurate high-resolution timing measurements of I/O operations, e.g...
SecureAgentBench: Benchmarking Secure Code Generation under Realistic Vulnerability Scenarios
Large language model LLM powered code agents are rapidly transforming software engineering by automating tasks such as testing, debugging, and repairing, yet the security risks of their generated code have become a critical concern. Existing benchmarks have offered valuable insights but remain...
Apple Security Advisory 05-13-2026-1
Apple Security Advisory 05-13-2026-1 - Safari 26.5 addresses use-after-free vulnerabilities...
Exploiting LLM Agent Supply Chains Via Payload-Less Skills
Autonomous agents powered by Large Language Models LLMs acquire external functionalities through third-party skills available in open marketplaces. Adopting these integrations broadens the potential attack surface, prompting a need for systematic security evaluation. Current auditing mechanisms a...