Empirical analysis of 444 iOS apps using dynamic traffic interception found 282 leaking LLM API keys across ten providers, with only 28% remediation after three months.
In: IEEE Symposium on Security and Privacy (S&P)
Canonical reference. 92% of citing Pith papers cite this work as background.
representative citing papers
The first systematization of reconstruction attacks on synthetic tabular data finds that generator choice dominates privacy risk over attack choice, with differential privacy effective only at low budgets and most leakage reflecting population structure rather than memorization.
Infinite agentic loops are a distinct failure mode in LLM agents arising from unbounded feedback paths, and IAL-Scan detects them via framework-independent static analysis with 91.9% precision on 6,549 repositories.
AgentFlow builds a framework-agnostic Agent Dependency Graph from agent program source code to support static analyses such as BOM generation and prompt-to-tool risk detection, evaluated on 5,399 real programs across five frameworks.
MHOT achieves provably minimal tree height via discriminative-bit indexing and hierarchical proofs, delivering up to 9X write throughput, 4X lower amplification, 2X smaller proofs, and 0% Nurgle attack success versus MPT on Ethereum workloads.
Formulates privacy-constrained advertising measurement as a robust causal decision problem under signal loss and derives a sharp decision frontier separating certifiable from unresolved incrementality claims.
Decentralized block building is an exact potential game with an asymptotically tight factor-2 Price of Anarchy and utility concentration bounds showing the lowest-utility builder earns at least half the highest.
PACZero achieves zero mutual information privacy in LLM fine-tuning via sign-quantized subset-aggregated ZO gradients, delivering near non-private accuracy on SST-2 at I=0.
A low-stake adversary can degrade a liquid staking pool's performance via consensus manipulation and profit from the resulting drop in its LST value through application-layer financial positions.
Cond-DP conditions DPSGD on public features with decaying spectra to achieve faster convergence guarantees and better empirical performance in label-DP regression.
ResAware improves cross-environment website fingerprinting robustness by distilling resource-privileged knowledge into a traffic-only student model, raising Var-CNN F1 from 72.77% to 81.49% under 150-day drift on a 160k-sample dataset.
Embedding and removing a dummy backdoor reduces unknown backdoor success in generative LLMs by targeting shared trigger-activated internal mechanisms.
GapFuzz detects cross-plane divergences in distributed SDN clusters by injecting timed contradictory Northbound requests on backup nodes and reconstructing state via replica queries plus kernel probes, reporting 81.7% detection on ONOS 2.7.
DNS over CoAP with packet length equalization, block-wise transfer, and header and payload compression reduces DNS identification accuracy to 77-86% in constrained IoT scenarios, outperforming DNS over HTTPS.
TraceCodec is a compiler-backed neural codec that lifts packets to state-aware action latents for high-fidelity multi-flow trace generation, matching real traces within 0.03% on CICIDS2017.
A systematic review of on-device AI inference security finds defenses are imbalanced, with roughly half focused on IP theft while one-third of attacks (adversarial examples) lack any associated defenses.
PoisonCap uses a new poison capability format to deliver strict use-after-free and initialization safety for CHERI systems with no fundamental overhead over Cornucopia baselines.
An automated static-analysis pipeline generates labeled structural units from virtualization-obfuscated binaries so LLMs can analyze them without exceeding token limits.
Current AI image watermark removal attacks replace the watermark with a different forensic signal, allowing independent detectors to distinguish processed outputs from clean images at over 98% true-positive rate under a 1% false-positive budget.
GRASP detects anomalies in system provenance graphs via self-supervised executable prediction from two-hop neighborhoods, outperforming prior PIDS on DARPA datasets by identifying all documented attacks where behaviors are learnable plus additional unlabeled suspicious activity.
Metaphors scaffold youth privacy reasoning and design, with relational metaphors potentially increasing disclosure by framing systems as loyal companions.
Pomegranate compartmentalizes commodity OS kernels via virtualization extensions, sentry functions, and EPT-enforced policies, achieving negligible overhead on a Linux network stack when compartment boundaries limit cross-talk.
Semia synthesizes Datalog representations of agent skills via constraint-guided loops to enable reachability queries for semantic risks, finding critical issues in over half of 13,728 real skills with 97.7% recall on expert-labeled samples.
BadStyle creates stealthy backdoors in LLMs by poisoning samples with imperceptible style triggers and using an auxiliary loss to stabilize payload injection, achieving high attack success rates across multiple models while evading defenses.
Removing the Watermark Is Not Enough: Forensic Stealth in Generative-AI Watermark Removal