adversarial-attack

Tag

Cards List
#adversarial-attack

Safety Targeted Embedding Exploit via Refinement

arXiv cs.AI · 2026-07-03 Cached

This paper introduces STEER, a gradient-guided attack that exploits LLMs' safety training distribution by translating high-attribution words into low-resource languages to bypass refusal mechanisms, achieving up to 96.7% attack success rate on AdvBench and transferring to GPT-4o-mini at 35.5% ASR.

0 favorites 0 likes
#adversarial-attack

@rohanpaul_ai: LLMs often cannot tell when an attack made them say something unsafe. Asking an LLM whether its own previous answer was…

X AI KOLs Timeline · 2026-06-24 Cached

This paper investigates whether LLMs can reliably self-report when their outputs have been compromised by adversarial prefills, finding that models often cannot distinguish between compromised and intentional outputs, and their limited recognition stems from normal refusal behavior rather than true self-awareness.

0 favorites 0 likes
#adversarial-attack

Forced Deferral: Manipulating Routing Decisions in Multimodal LLM Cascades

arXiv cs.AI · 2026-06-16 Cached

This paper introduces the Forced Deferral Attack (FDA), an adversarial image attack that manipulates confidence scores in multimodal LLM cascades, causing queries to be unnecessarily routed to stronger (more expensive) models, thereby shifting compute costs to the provider without degrading answer correctness.

0 favorites 0 likes
#adversarial-attack

No Hidden Prompts Needed! You Can Game AI Peer Review with Presentation-Only Revisions

arXiv cs.CL · 2026-06-12 Cached

This paper demonstrates that AI peer reviewers can be manipulated by modifying only presentation-level content (such as abstract, framing, and narrative) without changing any scientific evidence, achieving a 75.1% attack success rate. The authors introduce adversarial repackaging, a closed-loop attack that exploits AI reviewers' tendency to be impressed rather than convinced, and release a benchmark for testing robustness.

0 favorites 0 likes
#adversarial-attack

POISE: Position-Aware Undetectable Skill Injection on LLM Agents

Hugging Face Daily Papers · 2026-06-06 Cached

POISE is a stealthy skill-poisoning attack that embeds malicious triggers within benign-looking instructions, achieving high attack success rates while evading detection by LLM scanners.

0 favorites 0 likes
#adversarial-attack

Mental Damage: Caption Poisoning Attacks on Retrieval-Augmented Text-to-Music Generation

arXiv cs.AI · 2026-06-01 Cached

This paper introduces a dual-layer caption poisoning attack on retrieval-augmented text-to-music systems, showing that an attacker can inject malicious captions into the knowledge database to steer generated music toward attacker-chosen intent without modifying user prompts or models.

0 favorites 0 likes
#adversarial-attack

Can Subgraph Explanations Be Weaponized to Steal Graph Neural Networks?

arXiv cs.LG · 2026-06-01 Cached

This paper presents the first model extraction attack on graph classification under strict black-box constraints, exploiting subgraph explanations to estimate decision boundaries. The findings reveal that mandated explainability interfaces create exploitable security vulnerabilities in Graph Neural Network services.

0 favorites 0 likes
#adversarial-attack

Test-Time Training Undermines Safety Guardrails

arXiv cs.LG · 2026-05-25 Cached

This paper identifies three threat models for test-time training (TTT) that adversaries can exploit to bypass safety filters in LLMs, achieving high attack success rates. The findings reveal that TTT introduces new vulnerabilities that undermine existing safety guardrails.

0 favorites 0 likes
#adversarial-attack

Inaudible sounds to humans can be hidden in YouTube videos, podcasts, or music and used to secretly trigger AI voice assistants into carrying out unauthorized commands without the user noticing, exposing a new class of “auditory prompt injection” attacks against popular tools

Reddit r/singularity · 2026-05-24

Researchers have discovered that inaudible sounds can be embedded in YouTube videos, podcasts, or music to surreptitiously command AI voice assistants, enabling a new class of auditory prompt injection attacks.

0 favorites 0 likes
#adversarial-attack

Attention-Guided Reward for Reinforcement Learning-based Jailbreak against Large Reasoning Models

arXiv cs.AI · 2026-05-20 Cached

This paper investigates jailbreak attacks on Large Reasoning Models (LRMs), revealing that attack success correlates with attention patterns. The authors propose a reinforcement learning-based jailbreak method that incorporates attention signals into the reward function and uses diverse persuasion strategies, achieving significantly higher attack success rates across multiple benchmarks.

0 favorites 0 likes
#adversarial-attack

When Actions Disappear: Adversarial Action Removal in Self-Play Reinforcement Learning

arXiv cs.LG · 2026-05-19 Cached

This paper studies adversarial action masking in self-play reinforcement learning, where an attacker selectively removes legal actions from a victim's action set. The attack is shown to be significantly more damaging than random masking or perturbation baselines across multiple environments and algorithms, and victims do not recover under extended training.

0 favorites 0 likes
#adversarial-attack

AESOP: Adversarial Execution-path Selection to Overload Deep Learning Pipelines

arXiv cs.LG · 2026-05-13 Cached

This paper introduces AESOP, a framework for adversarial execution-path selection that significantly inflates FLOPs and latency in deep learning inference pipelines, revealing new efficiency-based vulnerabilities.

0 favorites 0 likes
#adversarial-attack

LLM-Agnostic Semantic Representation Attack

arXiv cs.CL · 2026-05-12 Cached

This paper introduces Semantic Representation Attack (SRA), a novel LLM-agnostic method that optimizes for malicious semantic representations rather than exact text, achieving high attack success rates across multiple open-source models.

0 favorites 0 likes
#adversarial-attack

When Background Matters: Breaking Medical Vision Language Models by Transferable Attack

Hugging Face Daily Papers · 2026-04-19 Cached

MedFocusLeak introduces the first transferable black-box adversarial attack on medical vision-language models, using imperceptible background perturbations to mislead clinical diagnoses across six imaging modalities.

0 favorites 0 likes
← Back to home

Submit Feedback