Academic papers, new techniques, benchmarks, and theoretical findings in AI/LLM security.
Sanitizer is a new framework for federated learning (a training method where multiple computers learn together without sharing raw data) that addresses two major challenges: privacy and Byzantine attacks (when some computers send bad or malicious data). The framework uses more efficient cryptographic techniques and two new protocols for combining data from multiple sources, achieving 19-23 times faster performance than existing methods while maintaining accuracy and security.
This paper describes a security problem in blockchain payment channels (like the Lightning Network, which allows faster transactions by bundling multiple payments together): malicious intermediate nodes can intercept funds by reading payment conditions sent in plaintext. The authors propose a solution using a new encryption method called CUAP-PRE (ciphertext unlinkable autonomous path proxy re-encryption, which encrypts payment instructions so intermediate nodes can't see or trace them) combined with an improved payment protocol that lets the final receiver control decryption rights in reverse order to unlock the funds.
Fix: The proposed solution is a secure off-chain payment protocol (SOCP) built on the new CUAP-PRE cryptographic primitive. The protocol resists malicious intermediate nodes by: (1) letting the delegator designate all trusted delegatees, (2) using ciphertext unlinkability to resist inference attacks and path tracing, which preserves anonymity, and (3) implementing an enhanced multi-hop Hash Time-Lock Contract in which the receiver at the end of the payment path controls decryption rights in a reversed multi-hop delegation manner to unlock the corresponding bitcoins on hold.
IEEE Xplore (Security & AI Journals)
LVMark is a watermarking technique that hides invisible digital markers in video diffusion models (AI systems that generate realistic videos from text descriptions) to protect against unauthorized use. The method improves on existing approaches by maintaining temporal consistency (keeping the watermark stable across consecutive video frames) and preserving video quality through a specialized decoder that combines frequency analysis with color information. The technique successfully embeds 512-bit capacity watermarks that remain detectable even when videos are distorted or attacked.
ShadowCoT is a backdoor attack (a hidden vulnerability inserted into an AI model that causes it to misbehave when triggered) that targets Chain-of-Thought reasoning, which is a technique where LLMs show their step-by-step thinking to solve complex problems. Unlike simpler attacks, ShadowCoT hijacks the model's internal reasoning process by subtly rewiring how attention flows through the model and changing intermediate representations (internal data the model creates while processing), allowing it to produce logical-sounding but harmful outputs while avoiding detection.
This paper presents a new method for securely transmitting data between two users over a wireless channel where an eavesdropper might be listening. The researchers use polar coding (a technique for encoding data reliably) combined with feedback (information sent back from receiver to sender) to create correlation between transmitted signals and add dummy messages that confuse eavesdroppers. The proposed scheme achieves both reliable communication and strong secrecy without requiring simplified assumptions about the channel.
This academic paper explores how Software Bill of Materials (SBOMs, detailed lists of all software components used in a project) can be extended to cover agentic AI systems (AI systems that can independently make decisions and take actions). The paper discusses schema extensions, how to organize and orchestrate these agentic components, and methods to evaluate whether AI systems produce reproducible results.
This research paper evaluates whether multiple AI agents working together can effectively help identify privacy threats in software systems using LINDDUN GO, a structured methodology for privacy threat modeling (a process of identifying ways a system could leak or misuse personal data). The study, published in July 2026, examines whether collaborative multi-agent LLM (large language model) systems can improve the quality and completeness of privacy threat identification compared to single AI agents or human analysis.
This academic paper proposes a dual-chain, privacy-preserving credential architecture designed to enable trust and learner agency in lifelong learning systems. The work focuses on creating secure credential management that protects learner privacy while maintaining verifiable educational records across multiple institutions and learning contexts.
This paper presents MCCENet, a deep learning system that improves biometric authentication by combining two types of palm data: palm vein patterns and palm shape. The system uses hierarchical feature fusion (a technique that exchanges information between different data types at early processing layers) and multimodal contrastive learning (a training method that helps the AI learn similar representations for related data from different sources) to better recognize individuals, achieving better accuracy than previous methods tested across eight public datasets.
Honeywords are fake passwords (decoys) stored alongside real passwords to detect when password databases are leaked. This research reveals critical security flaws in honeyword schemes that generate decoys by sampling from actual user passwords (internal sampling), showing that attackers can distinguish real passwords from decoys with success rates of 3.82%–44.8% depending on their capabilities, which exceeds the intended security target of 2.50%.
This paper describes a new encryption method called FDXT that helps protect data privacy when searching encrypted files on untrusted servers. Previous methods like ODXT and SDSSE-CQ had weaknesses where attackers could leak information by analyzing search patterns and file sizes when users searched for multiple keywords together, but FDXT fixes these privacy leaks while maintaining similar or better performance.
Random prime number generators are essential for encryption and security protocols, but their output can drift or become biased over time and therefore needs continuous validation. This paper describes a machine learning approach that validates quantum random number generators (QRNGs, devices that use quantum physics to create truly random numbers) by learning patterns in the prime numbers they produce and detecting when the output becomes biased (skewed toward certain values). The researchers tested their framework on both a quantum-based prime generator and a classical electronic noise generator, successfully identifying flawed configurations.
Face morphing attacks (blending two faces together to fool facial recognition systems) threaten security systems used at borders and for digital identity checks, and detecting them from a single image is difficult because there's no trusted reference image to compare against. This paper presents R-FLoRA, a new detection method that combines high-frequency image analysis (looking at fine details) with a frozen, large-scale vision transformer (a type of AI model trained on images) to spot morphing artifacts while keeping the overall understanding of the face intact. The method outperforms nine other detection approaches on multiple test datasets and works efficiently in real-world biometric verification systems.
SRAM PUFs (physically unclonable functions, which are hardware features that generate unique secret keys from a chip's manufacturing variations) suffer from reliability problems because bits can flip and change values unpredictably. This paper introduces TMVS (Threshold-based Majority Voting Scheme), a software-based method that reduces noise and fixes bias issues in SRAM PUFs while keeping the approach simple and avoiding the complexity of heavy error-correction codes.
Researchers have developed a fingerprint-based watermarking technique to protect and track natural language processing models (AI systems trained to understand and generate text) that operate as black boxes (systems where users cannot see how internal decisions are made). This method allows owners to prove they created a model and trace where it has been used or copied without permission.
This academic survey article examines how AI is being used to improve security in edge computing (processing data on devices near users rather than in distant data centers), while also exploring the new threats that arise when combining AI with edge systems. The article covers both the security challenges unique to AI-enhanced edge environments and potential approaches to address them, looking toward future developments in this field.
This paper proposes a framework for teaching AI skills to business students, arguing that universities should prepare graduates to lead AI-driven business transformation. The framework outlines seven competency areas, including AI literacy, governance and risk management, technology management, systems development, and AI strategy, to guide the design of business school programs that help students develop, deploy, and use AI solutions effectively in organizations.
Anubis is a security model designed to control access to systems by understanding the context in which access requests are made, rather than using fixed rules alone. The model aims to make access control smarter by considering situational factors when deciding whether to grant or deny user permissions. This research was published in July 2026 in the Journal of Information Security and Applications.
Universal Adversarial Perturbations (UAPs, tiny modifications to images that fool AI models across many different inputs) are security threats to deep learning systems, but existing methods make attacks obvious because they either look wrong to humans or cause suspicious misclassifications. This paper presents Stealthy-UAP, a framework that makes UAPs harder to detect by targeting only semantically related classes (so misclassifications seem plausible) and optimizing perturbations to match how humans actually perceive images.
This research proposes RIBSC, a security system for VANETs (vehicular ad hoc networks, where vehicles communicate wirelessly with each other and roadside infrastructure) that protects privacy during vehicle-to-road communication. The system uses signcryption (a technique that simultaneously encrypts and digitally signs messages) combined with a session key distribution mechanism and traceable pseudonyms to prevent privacy breaches while allowing authorities to identify vehicles involved in illegal activities.