Skip to content

auto: new LLM security papers (run #16)#47

Open
github-actions[bot] wants to merge 1 commit into
mainfrom
auto/papers-16
Open

auto: new LLM security papers (run #16)#47
github-actions[bot] wants to merge 1 commit into
mainfrom
auto/papers-16

Conversation

@github-actions

Copy link
Copy Markdown
Contributor

Automated Paper Fetch

New papers discovered from arXiv, Semantic Scholar, and CrossRef.

All entries are marked reviewed: false -- please review before merging.

New Entries

--- New Entries ---
- [llmsec-2026-00206] When Agents Remember Too Much: Memory Poisoning Attacks on Large Language Model Agents
  https://arxiv.org/abs/2607.06595
  Categories: memory-security
- [llmsec-2026-00207] Antaeus: Hunting Repository-Level Logic Vulnerabilities via Context-Grounded LLM Reasoning
  https://arxiv.org/abs/2607.01138
  Categories: agentic-threats
- [llmsec-2026-00208] A Lifecycle and Application-Stack Survey of Large Language Model Vulnerabilities: Attacks, Risks, Defenses, and Open Problems
  https://arxiv.org/abs/2606.31639
  Categories: autonomous-operations, survey
- [llmsec-2026-00209] Toward Secure and Reliable PDDL Formalization of Large Language Models with Planner-in-the-Loop Feedback
  https://arxiv.org/abs/2606.29700
  Categories: benchmarks
- [llmsec-2026-00210] An Empirical Evaluation of Prompt Injection Vulnerabilities in Large Language Models Across Multilingual and Obfuscated Attack Scenarios
  https://arxiv.org/abs/2606.29602
  Categories: prompt-injection
- [llmsec-2026-00211] Memory as an Attack Surface in LLM Agents: A Study on Multiple-Choice Question Answering
  https://arxiv.org/abs/2606.29030
  Categories: tool-use-security
- [llmsec-2026-00212] FlipGuard: Defending Large Language Models Against Quantization-Conditioned Backdoor Attacks
  https://arxiv.org/abs/2606.28962
  Categories: data-poisoning
- [llmsec-2026-00213] RIPA: Sensory-Vector Prompt Injection Attacks on LLM-Controlled ROS 2 Robots
  https://arxiv.org/abs/2606.28649
  Categories: prompt-injection
- [llmsec-2026-00214] Robust Harmful Features Under Jailbreak Attacks: Mechanistic Evidence from Attention Head Specialization in Large Language Models
  https://arxiv.org/abs/2606.28153
  Categories: jailbreaking, guardrails
- [llmsec-2026-00215] LLM agents security duality: a comprehensive survey of self-security and empowered cybersecurity
  https://arxiv.org/abs/2606.28450
  Categories: survey
- [llmsec-2026-00216] Representation Matters: An Empirical Study of Program Representations for LLM Vulnerability Reasoning
  https://arxiv.org/abs/2606.25356
  Categories: benchmarks
- [llmsec-2026-00217] HelpBench: Assessing the Ability of LLMs to Provide Privacy, Safety, and Security Advice
  https://arxiv.org/abs/2606.24819
  Categories: benchmarks
- [llmsec-2026-00218] Securing LLM-Agent Long-Term Memory Against Poisoning: Non-Malleable, Origin-Bound Authority with Machine-Checked Guarantees
  https://arxiv.org/abs/2606.24322
  Categories: memory-security
- [llmsec-2026-00219] Evaluating LLMs for Real-World Web Vulnerability Detection
  https://arxiv.org/abs/2606.21397
  Categories: benchmarks
- [llmsec-2026-00220] Local LLM Agents as Vulnerable Runtimes:A Source-Code Audit of the Agent Runtime Layer
  https://arxiv.org/abs/2606.21071
  Categories: prompt-injection
- [llmsec-2026-00221] Honeyquest for LLMs: Rethinking Cyber Deception for AI Attackers
  https://arxiv.org/abs/2606.21037
  Categories: benchmarks
- [llmsec-2026-00222] Calibration Without Comprehension: Diagnosing the Limits of Fine-Tuning LLMs for Vulnerability Detection in Systems Software
  https://arxiv.org/abs/2606.20502
  Categories: benchmarks
- [llmsec-2026-00223] The Consistency Dilemma in LLMs: Generator-Evaluator Agreement and Vulnerability to Mistakes
  https://arxiv.org/abs/2606.30653
  Categories: agentic-threats
- [llmsec-2026-00224] How Much Can We Trust LLM Search Agents? Measuring Endorsement Vulnerability to Web Content Manipulation
  https://arxiv.org/abs/2606.16821
  Categories: benchmarks, threat-modeling
- [llmsec-2026-00225] SkillVetBench: LLM-as-Judge for Multi-Dimensional Security Risk Evaluation in Open-Source LLM Agent Skills
  https://arxiv.org/abs/2606.15899
  Categories: agent-architecture
- [llmsec-2026-00226] Let Them Steal: Trapping Large Language Model Extraction Attacks with Knowledge Honeypot
  https://arxiv.org/abs/2606.15810
  Categories: model-extraction
- [llmsec-2026-00227] AttackonCTF: Defending Hardware Security Competition Benchmarks in the Age of LLMs
  https://arxiv.org/abs/2606.15809
  Categories: benchmarks
- [llmsec-2026-00228] AutoDojo: Adaptive Black-Box Attacks Reveal the Limits of IPI Defenses and Task-Specification Effects in LLM Agents
  https://arxiv.org/abs/2606.15057
  Categories: prompt-injection
- [llmsec-2026-00229] From Shield to Target: Denial-of-Service Attacks on LLM-Based Agent Guardrails
  https://arxiv.org/abs/2606.14517
  Categories: prompt-injection, jailbreaking, guardrails, autonomous-operations
- [llmsec-2026-00230] SkillMutator: Benchmarking and Defending Language-and-Code Cross-modal Attacks on LLM Agent Skills
  https://arxiv.org/abs/2606.14154
  Categories: benchmarks
- [llmsec-2026-00231] Can Open-Source LLM Agents Replace Static Application Security Testing Tools? An Empirical Assessment
  https://arxiv.org/abs/2606.11672
  Categories: agentic-threats
- [llmsec-2026-00232] MPC-Patch-Bench: Security-Aware LLM Code Patch for Multi-Party Computation
  https://arxiv.org/abs/2606.11416
  Categories: cryptographic-controls, benchmarks
- [llmsec-2026-00233] Toward Secure LLM Agents: Threat Surfaces, Attacks, Defenses, and Evaluation
  https://arxiv.org/abs/2606.10749
  Categories: agentic-threats
- [llmsec-2026-00234] Multi-Agent Firewall Architecture for Privacy Protection of Sensitive Data in Interactions with Language Models
  https://arxiv.org/abs/2607.08282
  Categories: agent-architecture
- [llmsec-2026-00235] Prismata: Confining Cross-Site Prompt Injection in Web Agents
  https://arxiv.org/abs/2607.08147
  Categories: prompt-injection
- [llmsec-2026-00236] Efficient Safety Alignment of Language Models via Latent Personality Traits
  https://arxiv.org/abs/2607.07918
  Categories: adversarial-examples, guardrails
- [llmsec-2026-00237] Mechanistic Interpretability of LLM Jailbreaks via Internal Attribution Graphs
  https://arxiv.org/abs/2607.07903
  Categories: jailbreaking, adversarial-examples
- [llmsec-2026-00238] Open Models, Open Risks: Measuring Unsafe Generation in Text-to-Image Models In the Wild
  https://arxiv.org/abs/2607.07827
  Categories: jailbreaking
- [llmsec-2026-00239] Beware of Agentic Botnets: Scalable Untargeted Promptware Attacks via Universal and Transferable Adversarial HalluSquatting
  https://arxiv.org/abs/2607.07433
  Categories: prompt-injection, agentic-threats, threat-modeling
- [llmsec-2026-00240] Untrusted Content Masking for Web Agents with Security Guarantees
  https://arxiv.org/abs/2607.05277
  Categories: prompt-injection
- [llmsec-2026-00241] Agent Data Injection Attacks are Realistic Threats to AI Agents
  https://arxiv.org/abs/2607.05120
  Categories: prompt-injection, agentic-threats
- [llmsec-2026-00242] DualView: Preventing Indirect Prompt Injection in Personal AI Agents
  https://arxiv.org/abs/2607.03821
  Categories: prompt-injection
- [llmsec-2026-00243] Overloading Large Vision-Language Models for Jailbreaking
  https://arxiv.org/abs/2607.02961
  Categories: jailbreaking
- [llmsec-2026-00244] HARC: Coupling Harmfulness and Refusal Directions for Robust Safety Alignment
  https://arxiv.org/abs/2607.00572
  Categories: jailbreaking, guardrails
- [llmsec-2026-00245] Beyond the Prompt: Jailbreaking Function-Calling LLMs via Simulated Moderation Traces
  https://arxiv.org/abs/2607.00481
  Categories: jailbreaking
- [llmsec-2026-00246] Securing the AI Agent: A Unified Framework for Multi-Layer Agent Red Teaming
  https://arxiv.org/abs/2606.31227
  Categories: red-teaming
- [llmsec-2026-00247] Security--Fidelity Tradeoffs: The Hidden Cost of Prompt Injection Defense
  https://arxiv.org/abs/2606.30783
  Categories: prompt-injection, benchmarks
- [llmsec-2026-00248] Understanding and Evaluating Claw-like Agent Security Through a Computer-Systems Lens
  https://arxiv.org/abs/2606.30755
  Categories: agentic-threats, benchmarks
- [llmsec-2026-00249] Forensic Trajectory Signatures for Agent Memory Poisoning Detection
  https://arxiv.org/abs/2606.30566
  Categories: memory-security
- [llmsec-2026-00250] On the Inseparability of Instructions and Data in Shared-Embedding Sequence Models
  https://arxiv.org/abs/2606.27567
  Categories: prompt-injection, access-control
- [llmsec-2026-00251] Jailbreaking for the Average Jane: Choosing Optimal Jailbreaks via Bandit Algorithms for Automatically Enhanced Queries
  https://arxiv.org/abs/2606.26936
  Categories: jailbreaking
- [llmsec-2026-00252] MIRROR: Novelty-Constrained Memory-Guided MCTS Red-Teaming for Agentic RAG
  https://arxiv.org/abs/2606.26793
  Categories: prompt-injection, agentic-threats, red-teaming, benchmarks
- [llmsec-2026-00253] Agents That Know Too Much: A Data-Centric Survey of Privacy in LLM Agents
  https://arxiv.org/abs/2606.26627
  Categories: survey
- [llmsec-2026-00254] Adversarial Diffusion Across Modalities: A Fusion Survey of Attacks, Defenses, and Evaluation for Text, Vision, and Vision-Language Models
  https://arxiv.org/abs/2606.26566
  Categories: jailbreaking, benchmarks, survey, threat-modeling
- [llmsec-2026-00255] Adaptive Evaluation of Out-of-Band Defenses Against Prompt Injection in LLM Agents
  https://arxiv.org/abs/2606.26479
  Categories: prompt-injection, benchmarks
- [llmsec-2026-00256] RAS: Measuring LLM Safety Through Refusal Alignment
  https://arxiv.org/abs/2606.25750
  Categories: jailbreaking, guardrails
- [llmsec-2026-00257] How Reliable Is Your Jailbreak Judge? Calibration and Adversarial Robustness of Automated ASR Scoring
  https://arxiv.org/abs/2606.25487
  Categories: prompt-injection, jailbreaking
- [llmsec-2026-00258] PixJail: Self-Evolving Paper-to-Pipeline Reproduction for Text-to-Image Jailbreak Evaluation
  https://arxiv.org/abs/2606.24081
  Categories: jailbreaking, benchmarks
- [llmsec-2026-00259] TROPT: An Open Framework for Unifying and Advancing Discrete Text Optimization
  https://arxiv.org/abs/2606.23496
  Categories: jailbreaking, red-teaming
- [llmsec-2026-00260] Detecting Malicious Agent Skills in the Wild using Attention
  https://arxiv.org/abs/2606.23416
  Categories: agentic-threats
- [llmsec-2026-00261] DE-FIVE: Detecting Malicious Image Prompts via Fourier Features and Image Vector Embeddings
  https://arxiv.org/abs/2606.22779
  Categories: prompt-injection, adversarial-examples
- [llmsec-2026-00262] The Geometry of Refusal: Linear Instability in Safety-Aligned LLMs
  https://arxiv.org/abs/2606.22686
  Categories: guardrails
- [llmsec-2026-00263] Confidently Wrong: Severity-Aware Calibration of Prompt-Injection Detectors under Attack Shift
  https://arxiv.org/abs/2606.22659
  Categories: benchmarks
- [llmsec-2026-00264] Safe to Check, Unsafe to Use: Relinking at the Compression Boundary of LLM Agents
  https://arxiv.org/abs/2606.21732
  Categories: prompt-injection
- [llmsec-2026-00265] Toward Open Weight Models Without Risks: Separating Public and Private Capabilities in LLMs
  https://arxiv.org/abs/2606.21638
  Categories: jailbreaking
- [llmsec-2026-00266] AgenticOS: An Intent-Oriented Secure Operating System Architecture for Autonomous AI Agents
  https://arxiv.org/abs/2606.21129
  Categories: prompt-injection, agentic-threats, access-control, tool-use-security, autonomous-operations
- [llmsec-2026-00267] Scalable Hierarchical Attention Transformers for Multi-Turn Jailbreak Detection in Long Conversations
  https://arxiv.org/abs/2606.21082
  Categories: jailbreaking
- [llmsec-2026-00268] Think Twice Before You Act: Protecting LLM Agents Against Tool Description Poisoning via Isolated Planning
  https://arxiv.org/abs/2606.20922
  Categories: prompt-injection
- [llmsec-2026-00269] Analyzing Defensive Misdirection Against Model-Guided Automated Attacks on Agentic AI Systems
  https://arxiv.org/abs/2606.20470
  Categories: jailbreaking, agentic-threats
- [llmsec-2026-00270] A Layered Security Framework Against Prompt Injection in RAG-Based Chatbots
  https://arxiv.org/abs/2606.19660
  Categories: prompt-injection, input-filtering
- [llmsec-2026-00271] Amplify, Don't Create: Temporal Accumulation for Slow-Burn Prompt Injection
  https://arxiv.org/abs/2606.20746
  Categories: prompt-injection
- [llmsec-2026-00272] CodeSentinel: A Three-Layer Defense Against Indirect Prompt Injection in Code Contexts
  https://arxiv.org/abs/2606.19235
  Categories: prompt-injection
- [llmsec-2026-00273] The Gate Is Only as Honest as Its Contracts: ContractGuard for the Contract Layer of Risk-Aware Causal Gating
  https://arxiv.org/abs/2606.18550
  Categories: prompt-injection, access-control, tool-use-security
- [llmsec-2026-00274] SafeClawBench: Separating Semantic, Audit-Evidence, and Sandbox Harm in Tool-Using LLM Agents
  https://arxiv.org/abs/2606.18356
  Categories: agentic-threats, sandboxing-isolation, benchmarks
- [llmsec-2026-00275] A Red-Team Study of Anthropic Fable 5 & Opus 4.8 Models
  https://arxiv.org/abs/2606.18193
  Categories: jailbreaking, red-teaming
- [llmsec-2026-00276] Adversarial Pragmatics for AI Safety Evaluation: A Benchmark for Instruction Conflict, Embedded Commands, and Policy Ambiguity
  https://arxiv.org/abs/2607.01153
  Categories: agentic-threats, benchmarks
- [llmsec-2026-00277] Yuvion LLM: An Adversarially-Aware Large Language Model for Content And AI Safety
  https://arxiv.org/abs/2606.27632
  Categories: tool-use-security
- [llmsec-2026-00278] MultiTurnPSB: Evaluating Multi-Turn Jailbreak Attacks an dClassifier-Based Defenses for Medical AI Safety
  https://arxiv.org/abs/2606.02630
  Categories: jailbreaking, adversarial-examples
- [llmsec-2026-00279] AI Security Research Should Better Incentivize Defense Research
  https://arxiv.org/abs/2605.23448
  Categories: membership-inference, federated-learning
- [llmsec-2026-00280] The Poisoned Chalice of LLM Evaluation Report
  https://arxiv.org/abs/2607.07481
  Categories: benchmarks
- [llmsec-2026-00281] ReShift: Aha-Moment-Driven Reasoning-Level Backdoor Attacks on Vision-Language Models
  https://arxiv.org/abs/2607.00361
  Categories: data-poisoning
- [llmsec-2026-00282] Curvature-Guided Module Localization for Low-Rank Detoxification of Backdoored Large Language Models
  https://arxiv.org/abs/2606.30899
  Categories: data-poisoning
- [llmsec-2026-00283] Theory of Continual Learning Against Data Poisoning Attacks
  https://arxiv.org/abs/2606.29841
  Categories: data-poisoning
- [llmsec-2026-00284] Why Trust Your Agent? Empirical Security Gains from TRiSM-Guided Agentic Workflows in Healthcare
  https://arxiv.org/abs/2606.28666
  Categories: agentic-threats
- [llmsec-2026-00285] When the Aggregator Cheats: Data-Free Backdoors in Federated LLM-based QA Systems
  https://arxiv.org/abs/2606.27511
  Categories: federated-learning
- [llmsec-2026-00286] Detect, Unlearn, Restore: Defending Text Summarization Models Against Data Poisoning
  https://arxiv.org/abs/2606.26036
  Categories: data-poisoning
- [llmsec-2026-00287] Forget to Improve: On-Device LLM-Agent Continual Learning via Budget-Curated Memory
  https://arxiv.org/abs/2606.25115
  Categories: agentic-threats
- [llmsec-2026-00288] LLM-Based Scientific Peer Review: Methods, Benchmarks, and Reliability Challenges
  https://arxiv.org/abs/2606.25057
  Categories: benchmarks, survey
- [llmsec-2026-00289] The Containment Gap: How Deployed Agentic AI Frameworks Fail Public-Facing Safety Requirements
  https://arxiv.org/abs/2606.12797
  Categories: agentic-threats
- [llmsec-2026-00290] Securing Code Understanding: Detecting Natural Backdoor Vulnerability in Code Language Models
  https://arxiv.org/abs/2606.10846
  Categories: data-poisoning
- [llmsec-2026-00291] MemVenom: Triggered Poisoning of Multimodal Memories in Web Agents
  https://arxiv.org/abs/2606.10742
  Categories: memory-security
- [llmsec-2026-00292] Game-Theoretic Multi-Agent Control for Robust Contextual Reasoning in LLMs
  https://arxiv.org/abs/2606.10322
  Categories: agent-architecture
- [llmsec-2026-00293] Defending Against Malicious Finetuning by Scaling Train-time Adversarial Attacks
  https://arxiv.org/abs/2606.07970
  Categories: adversarial-examples, guardrails
- [llmsec-2026-00294] Steering Vectors are an Adversarial Attack Surface
  https://arxiv.org/abs/2606.05958
  Categories: jailbreaking, data-poisoning, adversarial-examples
- [llmsec-2026-00295] Membrane: A Self-Evolving Contrastive Safety Memory for LLM Agent Defense
  https://arxiv.org/abs/2606.05743
  Categories: jailbreaking, guardrails
- [llmsec-2026-00296] Patcher: Post-Hoc Patching of Backdoored Large Language Models
  https://arxiv.org/abs/2606.02995
  Categories: jailbreaking, data-poisoning, guardrails
- [llmsec-2026-00297] BYORn: Bootstrap Your Own Responses to Defend Large Vision-Language Models Against Backdoor Attacks
  https://arxiv.org/abs/2606.02947
  Categories: data-poisoning
- [llmsec-2026-00298] Hijacking Agent Memory: Stealthy Trojan Attacks Through Conversational Interaction
  https://arxiv.org/abs/2605.29960
  Categories: memory-security
- [llmsec-2026-00299] When Medical Safety Alignment Fails: A Benchmark for Evaluating LLMs on High-Risk Medical Queries
  https://arxiv.org/abs/2606.28332
  Categories: guardrails, benchmarks
- [llmsec-2026-00300] Cordyceps: Covert Control Attacks on LLMs via Data Poisoning
  https://arxiv.org/abs/2605.26595
  Categories: data-poisoning, monitoring-detection
- [llmsec-2026-00301] GradSentry: Gradient Spectral Entropy for Backdoor Sample Filtering in Large Language Model Fine-Tuning
  https://arxiv.org/abs/2605.26574
  Categories: data-poisoning
- [llmsec-2026-00302] Security of OpenClaw Agents: Fundamentals, Attacks, and Countermeasures
  https://arxiv.org/abs/2605.25435
  Categories: autonomous-operations
- [llmsec-2026-00303] Security in the Fine-Tuning Lifecycle of Large Language Models: Threats, Defenses,Evaluation, and Future Directions
  https://arxiv.org/abs/2605.25073
  Categories: data-poisoning, fine-tuning-security, survey
- [llmsec-2026-00304] When the Manual Lies: A Realistic Benchmark to Evaluate MCP Poisoning Attacks for LLM Agents
  https://arxiv.org/abs/2605.24069
  Categories: benchmarks
- [llmsec-2026-00305] Backdooring Masked Diffusion Language Models
  https://arxiv.org/abs/2605.19262
  Categories: data-poisoning
- [llmsec-2026-00306] Be Kind, Rewrite: Benign Projections via Rewriting Defend Against LLM Data Poisoning Attacks
  https://arxiv.org/abs/2605.19147
  Categories: data-poisoning
- [llmsec-2026-00307] Surviving the Unseen: Predictive Defense for Novel Multi-Turn Multimodal Attacks
  https://arxiv.org/abs/2605.18988
  Categories: agentic-threats, guardrails, autonomous-operations
- [llmsec-2026-00308] Not What You Asked For: Typographic Attacks in Household Robot Manipulation
  https://arxiv.org/abs/2605.18593
  Categories: benchmarks
- [llmsec-2026-00309] OEP: Poisoning Self-Evolving LLM Agents via Locally Correct but Non-Transferable Experiences
  https://arxiv.org/abs/2605.18930
  Categories: agentic-threats
- [llmsec-2026-00310] Hidden in Memory: Sleeper Memory Poisoning in LLM Agents
  https://arxiv.org/abs/2605.15338
  Categories: memory-security
- [llmsec-2026-00311] SolarChain-Eval: A Physics-Constrained Benchmark for Trustworthy Economic Agents in Decentralized Energy Markets
  https://arxiv.org/abs/2607.08681
  Categories: agentic-threats, benchmarks, autonomous-operations
- [llmsec-2026-00312] Persuasion Attacks Can Decrease Effectiveness of CoT Monitoring
  https://arxiv.org/abs/2607.08066
  Categories: jailbreaking, monitoring-detection
- [llmsec-2026-00313] Institutional Red-Teaming: Deployment Rules, Not Just Models, Causally Shape Multi-Agent AI Safety
  https://arxiv.org/abs/2607.07695
  Categories: red-teaming, benchmarks, agent-architecture
- [llmsec-2026-00314] Multi-Agent AI Control: Distributed Attacks Hamper Per-Instance Monitors
  https://arxiv.org/abs/2607.07368
  Categories: agent-architecture
- [llmsec-2026-00315] Security and Privacy in Agentic AI: Grand Challenges and Future Directions
  https://arxiv.org/abs/2607.06608
  Categories: agentic-threats
- [llmsec-2026-00316] The Balkanization of Execution-Security Research for AI Coding Agents: Isolation, Access Control, and Time-of-Check-to-Time-of-Use Vulnerabilities
  https://arxiv.org/abs/2607.05743
  Categories: access-control, sandboxing-isolation, human-in-the-loop
- [llmsec-2026-00317] aiAuthZ: Off-Host, Identity-Bound Authorization for AI Agents
  https://arxiv.org/abs/2607.05518
  Categories: access-control
- [llmsec-2026-00318] CAGE-1: Control, Assurance, and Governance Evaluation for Enterprise Agentic AI
  https://arxiv.org/abs/2607.03510
  Categories: agentic-threats
- [llmsec-2026-00319] Securing Multi-Tool AI Agent Chains With Dynamic, Real-Time Compositional Policies
  https://arxiv.org/abs/2607.03423
  Categories: guardrails
- [llmsec-2026-00320] Agentic-SecPBFT: Agentic AI-Driven Proactive Security Framework for Wireless PBFT Consensus in Mobile Ad-Hoc Networks
  https://arxiv.org/abs/2607.03269
  Categories: agentic-threats
- [llmsec-2026-00321] Hardware-Enforced Semantic Coordination for Safety-Critical Real-Time Autonomous Systems
  https://arxiv.org/abs/2607.02376
  Categories: agentic-threats
- [llmsec-2026-00322] Copewell: A Multi-Agent Swarm Architecture for Equitable Mental Wellness Support
  https://arxiv.org/abs/2607.02245
  Categories: agent-architecture
- [llmsec-2026-00323] Janus: a Playground for User-Involved Agentic Permission Management
  https://arxiv.org/abs/2607.01510
  Categories: agentic-threats
- [llmsec-2026-00324] An Agentic AI Framework to Accelerate Scientific Discovery in Plant Phenotyping
  https://arxiv.org/abs/2606.31831
  Categories: agentic-threats
- [llmsec-2026-00325] Verification-Gated Agentic Mission-State Governance for Intelligent Industrial Multi-Robot Systems
  https://arxiv.org/abs/2606.31339
  Categories: agentic-threats
- [llmsec-2026-00326] Tool Use Enables Undetectable Steganography in Multi-Agent LLM Systems
  https://arxiv.org/abs/2606.28425
  Categories: agentic-threats, agent-architecture, tool-use-security, autonomous-operations
- [llmsec-2026-00327] The Unfireable Safety Kernel: Execution-Time AI Alignment for AI Agents and Other Escapable AI Systems
  https://arxiv.org/abs/2606.26057
  Categories: output-moderation, guardrails, access-control
- [llmsec-2026-00328] SkyChain Intelligence: A Blockchain-Secured Multi-Agent DRL Framework for Low-Altitude Embodied Artificial Intelligence
  https://arxiv.org/abs/2606.24193
  Categories: agent-architecture
- [llmsec-2026-00329] Critique of Agent Model
  https://arxiv.org/abs/2606.23991
  Categories: agentic-threats
- [llmsec-2026-00330] RIFT-Bench: Dynamic Red-teaming For Agentic AI Systems
  https://arxiv.org/abs/2606.23927
  Categories: agentic-threats, red-teaming
- [llmsec-2026-00331] Rising From the Ashes: How Agentic AI is Unblocking Challenges in Cybersecurity
  https://arxiv.org/abs/2606.23138
  Categories: agentic-threats
- [llmsec-2026-00332] AgentRiskBOM: A Risk-Scoping Security Bill of Materials for Agentic AI Systems
  https://arxiv.org/abs/2606.21877
  Categories: agentic-threats, human-in-the-loop
- [llmsec-2026-00333] Efficient and Sound Probabilistic Verification for AI Agents
  https://arxiv.org/abs/2606.20510
  Categories: monitoring-detection
- [llmsec-2026-00334] PowerAgentBench-Dyn: A Benchmark for Agentic AI in Power System Dynamic Studies
  https://arxiv.org/abs/2606.20401
  Categories: agentic-threats, benchmarks
- [llmsec-2026-00335] Deontic Policies for Runtime Governance of Agentic AI Systems
  https://arxiv.org/abs/2606.19464
  Categories: agentic-threats, access-control, autonomous-operations
- [llmsec-2026-00336] TxBench-PP: Analyzing AI Agent Performance on Small-Molecule Preclinical Pharmacology
  https://arxiv.org/abs/2606.19245
  Categories: benchmarks
- [llmsec-2026-00337] Code-Augur: Agentic Vulnerability Detection via Specification Inference
  https://arxiv.org/abs/2606.18619
  Categories: agentic-threats
- [llmsec-2026-00338] PromptStudio: A Governance-Aware Agentic AI Framework for Automated Prompt Generation, Optimization, Evaluation, and Lifecycle Management
  https://doi.org/10.22214/ijraset.2026.84092
  Categories: agentic-threats
- [llmsec-2026-00339] Auto-Devops GPT: An Agentic AI Framework for Self-Healing CI/CD Pipelines Using LLM-Based Root Cause Analysis and Reinforcement Learning
  https://doi.org/10.22214/ijraset.2026.84056
  Categories: agentic-threats
- [llmsec-2026-00340] Exploiting large language models in peer review: indirect prompt injection attacks and integrity probes
  https://doi.org/10.1007/s11192-026-05695-x
  Categories: prompt-injection
- [llmsec-2026-00341] Privacy-Preserving GAN for Synthetic Data against Membership Inference Attack
  https://doi.org/10.1145/3820889
  Categories: membership-inference
- [llmsec-2026-00342] CIVIL AND CRIMINAL LIABILITY OF DEEPFAKE AI PLATFORM PROVIDERS IN VIOLATIONS OF THE RIGHT TO REPUTATION
  https://doi.org/10.71131/0rqvry57
  Categories: social-engineering

Generated by the weekly paper fetch workflow (run #16, trigger: schedule).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant