aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Maintained by Truong (Jack) Luu, Information Systems Researcher

Research

Academic papers, new techniques, benchmarks, and theoretical findings in AI/LLM security.

690 items (page 14 of 35)

FALCON-Net: Feature Aggregation of Local Patterns for AI-Generated Image Detection
Peer-Reviewed | research
Apr 13, 2026

FALCON-Net is a detection system designed to identify AI-generated images by analyzing their technical flaws. The system works by examining two key weaknesses in generated images: the lack of device-specific sensor noise (natural imperfections that real cameras add) and unnatural pixel intensity variations that result from oversimplified generation processes. FALCON-Net combines two analysis modules (one for noise patterns and one for local pixel variations) to reliably distinguish AI-generated images from real ones, even when tested on image generation models it wasn't trained on.

Source: IEEE Xplore (Security & AI Journals)

Towards efficient malicious-secure multi-party private set union: Harnessing trusted execution environments
Peer-Reviewed | security
Apr 11, 2026

This research paper, published in June 2026, explores how to make multi-party private set union (a process where multiple parties combine datasets while keeping their individual data secret) more efficient and secure against malicious attacks. The authors propose using trusted execution environments (TEEs, hardware that protects code and data even from the computer's owner) to achieve this goal. The paper aims to balance computational efficiency with strong security guarantees when multiple parties need to collaborate while protecting sensitive information.

Source: Elsevier Security Journals

A Formal Lens on Android Permissions System: Modeling, Verification, and Exploitation Using LLMs and Model Checking
Peer-Reviewed | security
Apr 10, 2026

Researchers used LLMs (large language models, AI systems trained on vast text data) and model checking (a technique to verify whether software behaves correctly by examining all possible states) to study Android's permission system, which controls what apps can access on your phone. The study involved modeling how this system works, checking whether it is secure, and finding ways to exploit it using AI techniques.

Source: ACM Digital Library (TOPS, DTRAP, CSUR)

Exploring Visual Explanations for Defending Federated Learning against Poisoning Attacks: Enhancing LayerCAM with Autoencoders
Peer-Reviewed | security, research
Apr 10, 2026

This research paper examines how visual explanation techniques can help protect federated learning (a machine learning approach where multiple computers train a model together without sharing raw data) from poisoning attacks (attempts to corrupt the training data or model). The authors propose an enhanced version of LayerCAM (a method that visualizes which parts of an input an AI focuses on), combined with autoencoders (neural networks that compress and reconstruct data), to detect and defend against such attacks.

Source: ACM Digital Library (TOPS, DTRAP, CSUR)

Enhancing website fingerprinting through combined data augmentation strategies
Peer-Reviewed | security
Apr 8, 2026

Researchers developed new data augmentation strategies (techniques for artificially expanding training datasets) to improve website fingerprinting, a method of identifying which websites users visit by analyzing their network traffic patterns. The study, published in August 2026, demonstrates how combining multiple augmentation approaches can make these fingerprinting techniques more effective.

Source: Elsevier Security Journals

ReSLC: Defending backdoor attacks on intelligent vulnerability detection via redundant semantic LLM compression
Peer-Reviewed | security, research
Apr 8, 2026

This research paper describes a method called ReSLC that protects AI systems used to find software bugs from backdoor attacks, in which attackers secretly embed malicious behavior into the AI's training process. The approach uses redundant semantic LLM compression (a technique that removes unnecessary information from large language models while keeping their core abilities) to make these hidden attacks harder to carry out. The work was published in July 2026 in the Journal of Information Security and Applications.

Source: Elsevier Security Journals

Deep learning-based sequential detection of attacks on low-latency network services
Peer-Reviewed | research, security
Apr 8, 2026

This research paper presents a hybrid deep learning method using autoencoders (neural networks that learn to compress and reconstruct data) and transformers (AI models that process sequences of information) to detect a new type of attack called unresponsive ECN attacks on low-latency network services (systems designed to minimize delay in data transmission). The proposed method achieves over 90% accuracy in detecting these attacks while keeping false alarms below 0.01%, outperforming existing detection approaches by more than 10%.

Source: Elsevier Security Journals

XFaceMark: Explainable deep fake watermarking using YOLO, and random MRFO
Peer-Reviewed | research, security
Apr 7, 2026

This paper presents XFaceMark, a method that uses YOLO (an object detection system that identifies items in images) and random MRFO (a nature-inspired optimization algorithm) to add watermarks to deepfakes (AI-generated fake videos or images) in a way that can be explained and understood. The approach aims to make deepfakes traceable while allowing researchers to understand how the watermarking process works.

Source: Elsevier Security Journals

SBOMs into Agentic AIBOMs: Schema Extensions, Agentic Orchestration and Reproducibility Evaluation
Peer-Reviewed | research
Apr 7, 2026

This academic paper discusses extending SBOMs (software bills of materials, detailed lists of all components and dependencies in software) to create AIBOMs that can describe agentic AI systems (AI systems that can take independent actions and make decisions). The paper proposes schema extensions, methods for coordinating multiple AI agents, and ways to evaluate whether AI systems produce consistent and reproducible results.

Source: ACM Digital Library (TOPS, DTRAP, CSUR)

Robust AI Security and Alignment: A Sisyphean Endeavor?
Peer-Reviewed | research, safety
Apr 7, 2026

This article argues that there are fundamental mathematical limits to how secure and well-aligned (following intended behavior) AI systems can be, and that understanding these limits is important before deploying AI widely. The research also shows that AI systems have basic reasoning limitations that stem from these same information-theoretic constraints.

Source: IEEE Xplore (Security & AI Journals)

Adaptive Density Clustering for Data-Driven Password Mangling Rule Generation
Peer-Reviewed | research, security
Apr 6, 2026

This research paper describes a method for automatically generating password mangling rules (transformations that modify passwords systematically) using adaptive density clustering (a technique that groups similar data points together based on how densely packed they are). The approach aims to improve password security by learning patterns from real password data to create more effective rules for testing password strength.

Source: Elsevier Security Journals

Verifiable Multi-User Dynamic Searchable Symmetric Encryption With Forward and Backward Privacy Feasible for Cloud Storage
Peer-Reviewed | security
Apr 6, 2026

This research paper presents VM-DSSE-FB, a new encryption scheme for cloud storage that lets multiple users search and update encrypted data while maintaining privacy. The system uses techniques such as symmetric encryption (encoding data with a shared secret key), homomorphic addition (performing calculations on encrypted data without decrypting it first), and bitmap indexing (a method for organizing data searches) to protect against certain attacks and to verify that search results are accurate and complete.

Source: IEEE Xplore (Security & AI Journals)

ChargeX: Exploring State and Rate Attacks in Electric Vehicle Charging Systems
Peer-Reviewed | security
Apr 6, 2026

Researchers discovered that the SAE J1772 charging control protocol, which manages communication between electric vehicle chargers and cars, lacks proper authentication (verification that devices are who they claim to be). They created ChargeX, a hardware attack that modifies charging control signals to disrupt charging schedules, cause denial of service (DoS, making systems unavailable), or damage batteries. Tests on Tesla chargers and home chargers showed the attacks can force unwanted charging states or crash chargers into error states.

Source: IEEE Xplore (Security & AI Journals)

MaliVD: Source Code Vulnerability Localization via Attention-Based Multi-Modal Learning
Peer-Reviewed | research, security
Apr 6, 2026

MaliVD is a deep learning method that detects vulnerabilities (security flaws) in source code and identifies exactly which lines contain them, using a multi-modal attention mechanism (a technique that lets the AI focus on important parts of code by analyzing it in multiple ways, such as the code's token sequence, tree structure, and relationships between components). Traditional security tools create too many false alarms and struggle with complex modern software; MaliVD performs better than eight other detection methods by extracting different types of code features and prioritizing suspicious sections.

Source: IEEE Xplore (Security & AI Journals)

A Survey on Recent Advances in Conversational Data Generation
Peer-Reviewed | research
Apr 4, 2026

This is a survey paper published in an academic journal that reviews recent progress in conversational data generation, which refers to techniques for creating dialogue datasets (collections of conversations) used to train and improve AI systems. The paper appears to be a comprehensive overview of advances in this field as of July 2026, but no specific technical findings, vulnerabilities, or security issues are described in the provided content.

Source: ACM Digital Library (TOPS, DTRAP, CSUR)

AISM: Adversarial image steganography model for defending unauthorized recognition
Peer-Reviewed | security, research
Apr 3, 2026

Researchers have developed AISM (adversarial image steganography model, a technique that hides data inside images while making them resistant to AI recognition), a method for protecting images from being recognized by unauthorized AI systems. The approach uses adversarial techniques (methods that deliberately trick AI models by adding subtle, invisible changes to data) combined with steganography (the practice of hiding information within other data) to prevent unwanted AI analysis while keeping the images visually normal to humans. This work addresses privacy concerns where people want to prevent their images from being processed by AI systems without permission.

Source: Elsevier Security Journals

CShard: Blockchain Sharding via Repairable Fountain Codes and the Paradigm for Sharding Design
Peer-Reviewed | research
Apr 2, 2026

CShard is a blockchain sharding protocol (sharding divides transaction processing across multiple parallel groups of nodes) that uses repairable fountain codes (a data encoding method that allows recovery of lost information) to prevent system failures when shards become corrupted. The protocol introduces a ghost reporter mechanism that lets all nodes verify transactions, allowing smaller shard sizes while maintaining security and enabling recovery of corrupted blocks through decoding.

Fix: The source describes two main technical approaches built into CShard itself: (1) using repairable fountain codes to recover the blocks of corrupted shards through decoding by the corresponding shard groups, keeping the system secure and available, and (2) implementing a ghost reporter mechanism that allows all nodes to verify transactions by submitting reports, which enables detection of corrupted shards and recovery of blocks while reducing the required number of nodes per shard.

Source: IEEE Xplore (Security & AI Journals)

Erratum: Adversarial Machine Learning in IoT Security: A Comprehensive Survey
Peer-Reviewed | research
Apr 2, 2026

This is an erratum (correction notice) for an academic survey paper about adversarial machine learning in IoT security (the practice of deliberately fooling AI systems used to protect internet-connected devices). The notice appears in the journal ACM Computing Surveys, Volume 58, Issue 10, published in July 2026.

Source: ACM Digital Library (TOPS, DTRAP, CSUR)

Prompting Frameworks for Large Language Models: A Survey
Peer-Reviewed | research
Apr 1, 2026

This is an academic survey paper that reviews different prompting frameworks, which are structured approaches to asking large language models (AI systems trained on huge amounts of text) questions or giving them instructions to complete tasks. The paper, published in a major computer science journal, catalogues and analyzes various methods researchers have developed to improve how effectively people interact with and get useful results from LLMs.

Source: ACM Digital Library (TOPS, DTRAP, CSUR)

v5.5.0
Industry | security, research
Mar 30, 2026

Version 5.5.0 adds new security techniques documenting threats to AI systems, including AI agent tool poisoning (when attackers corrupt tools that AI agents use), supply chain attacks, and cost harvesting (depleting computing resources through expensive queries). It also updates existing techniques and mitigations related to code signing and monitoring AI agent behavior.

Source: MITRE ATLAS Releases