AI Sec Watch

A vulnerability in keras version 3.13.0 allows attackers to run their own code when a model is loaded, even when `safe_mode=True` (a setting meant to prevent unsafe operations). The problem occurs because the `TFSMLayer` class loads external TensorFlow SavedModels (pre-trained model files) without checking if they're safe, and doesn't properly validate file paths or configuration data.

Referring video object segmentation (RVOS, the task of identifying and outlining objects in videos based on text descriptions) is used in safety-critical applications like autonomous driving, but the deep neural networks that power these systems are vulnerable to adversarial perturbations (tiny, intentional changes to input data designed to fool AI models). This research demonstrates for the first time that RVOS models can be reliably attacked using a method called xM-ICM, which corrupts both visual and text information to mislead the models, and shows this attack works even when attackers have limited information about the system.

HKT-SmartAudit is a framework that creates smaller, faster AI models specifically trained to find bugs in smart contracts (self-executing code on blockchain networks). The framework uses knowledge distillation (a technique where a large, accurate AI model teaches a smaller model by sharing what it has learned), allowing these lightweight models to detect vulnerabilities effectively while using far less computing power than larger models.

FALCON-Net is a detection system designed to identify AI-generated images by analyzing their technical flaws. The system works by examining two key weaknesses in generated images: the lack of device-specific sensor noise (natural imperfections that real cameras add) and unnatural pixel intensity variations that result from oversimplified generation processes. FALCON-Net combines two analysis modules (one for noise patterns and one for local pixel variations) to reliably distinguish AI-generated images from real ones, even when tested on image generation models it wasn't trained on.

Federated learning (FL, where multiple devices train AI models together without sharing raw data) faces privacy risks because adversaries can extract sensitive information from model updates. FedNSA is a new protocol that combines differential privacy (adding mathematical noise to hide individual data patterns), encryption, and multi-party computation (MPC, a technique where multiple parties jointly compute results without revealing their individual inputs) to protect model updates while reducing the communication and computational burden that makes secure aggregation impractical on resource-constrained devices like smartphones.

LitCVit is a lightweight AI model designed to detect malicious encrypted network traffic (data sent over secure connections) without needing to decrypt it or manually extract features. The model uses self-supervised learning (training where the AI learns patterns from unlabeled data) and vision transformers (a type of neural network architecture) to analyze patterns across multiple data packets and flows (sequences of related network communications) while running much faster than existing approaches, achieving 98% accuracy on test datasets.

This paper presents HENet, a new method for creating adversarial examples (inputs with small, intentional changes designed to fool AI models) that work against different types of neural networks like CNNs (convolutional neural networks, commonly used for image tasks) and Transformers (a newer architecture). The method improves two key challenges: making attacks work across different model architectures and making adversarial examples survive image compression like JPEG, which currently weakens their effectiveness.

Large language models (LLMs, which are AI systems trained on vast amounts of text) are vulnerable to serious attacks like hallucinations (making up false information), jailbreaks (tricking the AI into ignoring its safety rules), and backdoors (hidden malicious instructions inserted during training). This research proposes a detection method using hidden state forensics (analyzing the internal numerical patterns that flow through the model's layers) to identify abnormal or malicious behavior in real-time, achieving over 95% accuracy with minimal computational cost.

DFREC is a new method for identifying the original faces used to create deepfakes (fake videos where one person's face is swapped onto another's body). Unlike existing deepfake detection tools that only identify whether an image is fake, DFREC recovers both the source face (the one being used) and target face (the one being impersonated) from a deepfake image, which helps investigators trace who was involved in creating the fake and reduces risks from deepfake attacks. The system uses three components: one to separate source and target face information, one to reconstruct the source face, and one to reconstruct the target face using a Masked Autoencoder (a type of neural network that learns patterns by hiding parts of input data).