Academic papers, new techniques, benchmarks, and theoretical findings in AI/LLM security.
This academic paper examines privacy risks in vertical federated learning (a machine learning approach where different organizations each hold different features of the same data and train a model together) when facing agnostic inference attacks (attacks where the attacker doesn't know the model's structure in advance). The paper analyzes how attackers could potentially infer private information from the shared computations in this system.
N/A -- This content is a navigation menu and product listing from GitHub's website (v5.6.1), not a security issue, vulnerability report, or technical problem. It describes GitHub's features like Copilot (an AI coding assistant), Actions (workflow automation), and security tools, but contains no substantive technical content to analyze.
This research paper, published in September 2026, addresses how to find the shortest path between two points on encrypted graphs (networks where connections and data are hidden using cryptography) while keeping the query private. The work focuses on path-constrained queries, meaning the shortest route must follow specific rules or limitations, all without revealing the actual graph structure or what users are searching for.
CTISum is a new benchmark dataset designed to help train and test AI systems that automatically summarize cyber threat intelligence (CTI, which is information about security attacks and threats). The dataset provides examples of threat reports and their summaries, helping researchers develop better AI tools for quickly understanding large amounts of security information. This work addresses the challenge of processing the massive volume of threat data that security teams need to analyze.
N/A -- The provided content is a navigation menu and feature listing from GitHub's website, not an AI/LLM security issue, vulnerability, or technical problem.
This research proposes K-TCDP (K-Temporal Correlated Differential Privacy), a new method for training large language models privately using LoRA (a technique that adds small trainable adapters to a model). Standard privacy-preserving training adds random noise that degrades model quality, but K-TCDP uses strategically correlated noise over time so that noise added in early steps can be partially canceled out by noise in later steps, improving model performance while maintaining privacy guarantees.
FinBot is an interactive training platform (CTF, or capture-the-flag competition) created by OWASP to help builders and defenders understand how agentic AI systems (AI agents that plan, act, and make decisions in complex workflows) can fail and be attacked. It simulates a financial services application where users encounter real security risks like prompt injection (tricking an AI by hiding instructions in its input), tool misuse, data theft, and privilege escalation (gaining unauthorized higher-level access), with connections to industry security frameworks like the OWASP Top 10 for Agentic Applications.
Vision-language models (AI systems that process both images and text together) can leak private information from user-uploaded content, such as identifying people in photos or extracting sensitive text. This research examines privacy risks when users submit images and text to these models. The paper proposes privacy-preserving methods to protect user data while still allowing these AI systems to function effectively.
This survey paper examines algorithm debt in machine learning and deep learning systems, which refers to the long-term costs and problems that accumulate when developers use suboptimal algorithms or methods in AI projects. The paper defines what algorithm debt is, identifies warning signs called 'smells' that indicate its presence, and discusses future research directions. Understanding algorithm debt helps developers recognize when quick, temporary solutions in AI projects create technical problems that become harder and more expensive to fix later.
This academic paper explores how Software Bill of Materials (SBOMs, detailed lists of all software components used in a project) can be extended to cover agentic AI systems (AI systems that can independently make decisions and take actions). The paper discusses schema extensions, how to organize and orchestrate these agentic components, and methods to evaluate whether AI systems produce reproducible results.
This research paper evaluates whether multiple AI agents working together can effectively help identify privacy threats in software systems using LINDDUN GO, a structured methodology for privacy threat modeling (a process of identifying ways a system could leak or misuse personal data). The study, published in July 2026, examines whether collaborative multi-agent LLM (large language model) systems can improve the quality and completeness of privacy threat identification compared to single AI agents or human analysis.
This academic paper proposes a dual-chain, privacy-preserving credential architecture designed to enable trust and learner agency in lifelong learning systems. The work focuses on creating secure credential management that protects learner privacy while maintaining verifiable educational records across multiple institutions and learning contexts.
Face morphing attacks (blending two faces together to fool facial recognition systems) threaten security systems used at borders and for digital identity checks, and detecting them from a single image is difficult because there's no trusted reference image to compare against. This paper presents R-FLoRA, a new detection method that combines high-frequency image analysis (looking at fine details) with a frozen, large-scale vision transformer (a type of AI model trained on images) to spot morphing artifacts while keeping the overall understanding of the face intact. The method outperforms nine other detection approaches on multiple test datasets and works efficiently in real-world biometric verification systems.
This paper describes a new encryption method called FDXT that helps protect data privacy when searching encrypted files on untrusted servers. Previous methods like ODXT and SDSSE-CQ had weaknesses where attackers could leak information by analyzing search patterns and file sizes when users searched for multiple keywords together, but FDXT fixes these privacy leaks while maintaining similar or better performance.
Researchers have developed a fingerprint-based watermarking technique to protect and track natural language processing models (AI systems trained to understand and generate text) that operate as black boxes (systems where users cannot see how internal decisions are made). This method allows owners to prove they created a model and trace where it has been used or copied without permission.
This academic survey article examines how AI is being used to improve security in edge computing (processing data on devices near users rather than in distant data centers), while also exploring the new threats that arise when combining AI with edge systems. The article covers both the security challenges unique to AI-enhanced edge environments and potential approaches to address them, looking toward future developments in this field.
Anubis is a security model designed to control access to systems by understanding the context in which access requests are made, rather than using fixed rules alone. The model aims to make access control smarter by considering situational factors when deciding whether to grant or deny user permissions. This research was published in July 2026 in the Journal of Information Security and Applications.
Universal Adversarial Perturbations (UAPs, tiny modifications to images that fool AI models across many different inputs) are security threats to deep learning systems, but existing methods make attacks obvious because they either look wrong to humans or cause suspicious misclassifications. This paper presents Stealthy-UAP, a framework that makes UAPs harder to detect by targeting only semantically related classes (so misclassifications seem plausible) and optimizing perturbations to match how humans actually perceive images.
Cyber Threat Attribution (CTA) is the process of identifying who carried out a cyberattack by analyzing evidence from the attack. This paper introduces ThreatMAMBA, an AI framework that improves CTA by building knowledge graphs from threat intelligence data (IOCs, or indicators of compromise that identify malicious activity; TTPs, or tactics and techniques used by attackers; and temporal relationships) and using machine learning to identify attackers even in the early stages of ongoing attacks. The system showed significant improvements in accuracy at different stages of attack development, suggesting it can provide reliable attribution information quickly during real incidents.
This is a research survey published in ACM Computing Surveys that examines the limitations and problems of large language models (LLMs, which are AI systems trained on massive amounts of text data to generate human-like responses). The survey takes a data-driven approach to understand how LLM research has evolved as scientists discover and study these systems' weaknesses and constraints.