pith. sign in

arxiv: 2605.30650 · v1 · pith:TKMQPSWCnew · submitted 2026-05-28 · 💻 cs.CR

When AI Meets Wall Street: A Survey on Trustworthy AI in Fintech

Qingwen Zeng , Zhenghao Zhao , Yitian Yang , Yiqi Zhu , Fangchen Liu , Zhaoge Bi , Moe Thandar Kyaw Wynn , Kim-Kwang Raymond Choo
show 1 more author
Huaming Chen
This is my paper

Pith reviewed 2026-06-29 06:15 UTC · model grok-4.3

classification 💻 cs.CR
keywords trustworthy AIfintech securityadversarial attacksfinancial AIattack taxonomylifecycle frameworkrobustness benchmarksAI pipelines
0
0 comments X

The pith

Financial AI requires a dedicated lifecycle taxonomy because generic adversarial analyses miss accounting rules and automation-amplified effects.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper claims that prior surveys either position AI only as a defense or treat adversarial machine learning without regard to finance-specific limits such as accounting plausibility, non-IID federated data, continuous retraining, and the way automation turns small changes into large downstream losses. It therefore partitions financial AI pipelines into three stages—training and updating, deployment and inference, and operation with monitoring and feedback—and introduces the Financial AI Security and Robustness Taxonomy. The taxonomy groups seventeen attack subtypes that include data and model poisoning, decision-boundary adversarial attacks, prompt injection in LLM workflows, and deepfake attacks on KYC layers. For each subtype the authors examine algorithmic strategy, feasibility under financial constraints, stealth and persistence, and concrete financial consequences. The resulting framework is intended to support lifecycle-aware stress testing and domain-relevant robustness benchmarks.

Core claim

The paper establishes a unified, lifecycle-centric and mechanism-driven framework for financial AI security by partitioning the system into training and updating, deployment and inference, and operation, monitoring, and feedback, and introduces the Financial AI Security and Robustness Taxonomy that organises seventeen attack subtypes with analysis of their strategies, constraints, stealth, and consequences.

What carries the argument

The Financial AI Security and Robustness Taxonomy, which organises seventeen attack subtypes across data and model poisoning, adversarial attacks on decision boundaries, prompt injection in LLM workflows, and deepfake subversion of KYC layers, and supplies per-subtype analysis of algorithmic strategy, feasibility, stealth, persistence, and downstream financial effects.

If this is right

  • Data and model poisoning attacks must satisfy accounting plausibility checks that do not apply in non-financial domains.
  • Continuous retraining pipelines create persistent attack surfaces that static-model robustness methods do not address.
  • LLM-mediated financial workflows introduce prompt-injection vectors whose downstream effects scale with automated execution.
  • Deepfake attacks on KYC layers can subvert automated identity verification at volumes that manual review cannot contain.
  • Robustness benchmarks that ignore non-IID federated data and automation amplification will underestimate real financial exposure.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • Adoption of the taxonomy would allow regulators to require stage-specific stress tests rather than generic model audits.
  • The monitoring-and-feedback stage may need new detection primitives for attacks that persist across retraining cycles.
  • The same lifecycle partition could be applied to other regulated automated domains such as healthcare claims processing.
  • Empirical mapping of documented fintech incidents onto the seventeen subtypes would test whether coverage is complete.

Load-bearing premise

Existing surveys either treat AI as a defensive tool or analyse adversarial machine learning without regard to finance-specific constraints such as accounting plausibility, non-IID federated data, continuous retraining, and automation-amplified downstream effects.

What would settle it

A single comprehensive prior survey that already organises all seventeen listed attack subtypes with explicit treatment of accounting plausibility, non-IID data effects, continuous retraining, and regulatory downstream consequences would eliminate the stated gap.

Figures

Figures reproduced from arXiv: 2605.30650 by Fangchen Liu, Huaming Chen, Kim-Kwang Raymond Choo, Moe Thandar Kyaw Wynn, Qingwen Zeng, Yiqi Zhu, Yitian Yang, Zhaoge Bi, Zhenghao Zhao.

Figure 1
Figure 1. Figure 1: Financial AI Security & Robustness Taxonomy. The figure illustrates the proposed lifecycle-centric and mechanism-grounded [PITH_FULL_IMAGE:figures/full_fig_p008_1.png] view at source ↗
read the original abstract

Artificial intelligence is now embedded as a primary decision engine in continuously operated financial AI pipelines spanning training and updating, deployment and inference, and operation with monitoring and feedback. The automation and scale that make these pipelines effective also create novel attack surfaces, where small algorithmic perturbations can amplify into persistent, system-level financial harm. Existing surveys, however, either treat AI as a defensive tool or analyse adversarial machine learning in a domain-agnostic manner, abstracting away finance-specific constraints such as accounting plausibility, non-IID federated data, continuous retraining, and automation-amplified downstream effects. We address this gap with a unified, lifecycle-centric and mechanism-driven framework. We partition financial AI into three lifecycle stages: training and updating, deployment and inference, and operation, monitoring, and feedback. We further propose the Financial AI Security and Robustness Taxonomy, organising seventeen attack subtypes across data and model poisoning, adversarial attacks on decision boundaries, prompt injection in LLM-mediated workflows, and deepfake-driven subversion of KYC verification layers. For each subtype, we analyse algorithmic strategy, feasibility constraints, stealth and persistence, and downstream financial consequences. Finally, we identify open challenges and outline a research agenda toward lifecycle-aware stress testing and finance-relevant robustness benchmarks.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

0 major / 2 minor

Summary. The manuscript is a survey on trustworthy AI in fintech. It motivates the work by noting that automation in financial AI pipelines creates novel attack surfaces with potential for system-level harm, critiques prior surveys for being either defensive-focused or domain-agnostic, and proposes a lifecycle-centric framework that partitions financial AI into three stages (training and updating; deployment and inference; operation, monitoring, and feedback). It further introduces the Financial AI Security and Robustness Taxonomy that organises seventeen attack subtypes (spanning data/model poisoning, adversarial attacks on decision boundaries, prompt injection in LLM workflows, and deepfake subversion of KYC), with per-subtype analysis of algorithmic strategy, feasibility constraints, stealth/persistence, and downstream financial consequences, before outlining open challenges and a research agenda on lifecycle-aware stress testing and finance-relevant benchmarks.

Significance. If the taxonomy accurately organises the claimed seventeen subtypes and the per-subtype analyses incorporate the stated finance-specific constraints (accounting plausibility, non-IID federated data, continuous retraining, automation-amplified effects), the survey would supply a needed unified reference that existing domain-agnostic or defensive-only surveys omit. The explicit linkage of attack mechanisms to financial downstream effects and the call for finance-relevant robustness benchmarks could usefully orient future work.

minor comments (2)
  1. [Abstract] Abstract: the claim of organising 'seventeen attack subtypes' and providing analyses of 'algorithmic strategy, feasibility constraints, stealth and persistence, and downstream financial consequences' for each is stated without any concrete example or table excerpt; adding one illustrative subtype (with its four analysis dimensions) to the abstract would immediately convey the depth of coverage.
  2. The manuscript introduces an invented taxonomy name ('Financial AI Security and Robustness Taxonomy') without an accompanying figure or table that enumerates all seventeen subtypes and their placement across the three lifecycle stages; such an overview table would strengthen the central organisational claim.

Simulated Author's Rebuttal

0 responses · 0 unresolved

We thank the referee for the detailed summary of our survey and the positive evaluation of its contributions. The recommendation for minor revision is noted. No major comments were provided in the report, so we have no specific points requiring rebuttal or revision at this stage.

Circularity Check

0 steps flagged

No significant circularity: survey taxonomy built from external literature

full rationale

This is a survey paper whose central contribution is a proposed lifecycle partition and a taxonomy of 17 attack subtypes drawn from reviewed external literature. No equations, fitted parameters, predictions, or derivations appear in the abstract or described structure. The framework is presented as an organizational synthesis rather than a reduction of any input by construction. No self-citation load-bearing steps or uniqueness theorems are invoked in the provided material. The derivation chain is therefore self-contained as a literature review and does not reduce to the authors' own prior outputs.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 1 invented entities

The central addition is an invented taxonomy whose coverage and utility rest on the authors' literature selection and domain assumptions stated in the abstract.

axioms (1)
  • domain assumption Finance-specific constraints such as accounting plausibility, non-IID federated data, continuous retraining, and automation-amplified downstream effects are abstracted away in existing domain-agnostic surveys.
    Explicitly stated in the abstract as the motivation for the new framework.
invented entities (1)
  • Financial AI Security and Robustness Taxonomy no independent evidence
    purpose: Organizing seventeen attack subtypes across the financial AI lifecycle
    Proposed by the authors as a new organizing structure.

pith-pipeline@v0.9.1-grok · 5781 in / 1321 out tokens · 35052 ms · 2026-06-29T06:15:13.692730+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

129 extracted references · 24 canonical work pages · 9 internal anchors

  1. [1]

    Jawad Ahmad, Wajiha Salman, Muzamal Amin, Zain Ali, and Shumail Shokat. 2024. A survey on enhanced approaches for cyber security challenges based on deep fake technology in computing networks.Spectrum of engineering sciences(2024), 133–149

    2024

  2. [2]

    Khalifa Al-Dosari, Noora Fetais, and Murat Kucukvar. 2024. Artificial intelligence and cyber defense system for banking industry: A qualitative study of AI applications and challenges.Cybernetics and systems55, 2 (2024), 302–330

    2024

  3. [3]

    Iñaki Aldasoro, Peter Hördahl, Andreas Schrimpf, and Xingyu Sonya Zhu. 2025. Predicting financial market stress with machine learning.A vailable at SSRN(2025)

    2025

  4. [4]

    Aleksandrina Aleksandrova, Valentina Ninova, and Zhelyo Zhelev. 2023. A survey on ai implementation in finance,(cyber) insurance and financial controlling.Risks11, 5 (2023), 91

    2023

  5. [5]

    Scott Alfeld, Xiaojin Zhu, and Paul Barford. 2016. Data poisoning attacks against autoregressive models. InProceedings of the AAAI conference on artificial intelligence, Vol. 30

    2016

  6. [6]

    Meysam Alizadeh, Zeynab Samei, Daria Stetsenko, and Fabrizio Gilardi. 2025. Simple prompt injection attacks can leak personal data observed by llm agents during task execution.arXiv preprint arXiv:2506.01055(2025)

    work page arXiv 2025

  7. [7]

    Muath Asmar and Alia Tuqan. 2024. Integrating machine learning for sustaining cybersecurity in digital banks.Heliyon10, 17 (2024)

    2024

  8. [8]

    Eugene Bagdasaryan, Andreas Veit, Yiqing Hua, Deborah Estrin, and Vitaly Shmatikov. 2020. How to backdoor federated learning. InInternational conference on artificial intelligence and statistics. PMLR, 2938–2948

    2020

  9. [9]

    Salman Bahoo, Marco Cucculelli, Xhoana Goga, and Jasmine Mondolo. 2024. Artificial intelligence in Finance: a comprehensive review through bibliometric and content analysis.SN Business & Economics4, 2 (2024), 23

    2024

  10. [10]

    Vincent Ballet, Xavier Renard, Jonathan Aigrain, Thibault Laugel, Pascal Frossard, and Marcin Detyniecki. 2019. Imperceptible adversarial attacks on tabular data.arXiv preprint arXiv:1911.03274(2019)

    work page arXiv 2019

  11. [11]

    Fatih Bayhan. 2025. Prompt injection attacks on large language models: A systematic literature review. (2025)

    2025

  12. [12]

    Battista Biggio, Igino Corona, Davide Maiorca, Blaine Nelson, Nedim Šrndić, Pavel Laskov, Giorgio Giacinto, and Fabio Roli. 2013. Evasion attacks against machine learning at test time. InJoint European conference on machine learning and knowledge discovery in databases. Springer, 387–402

    2013

  13. [13]

    Battista Biggio and Fabio Roli. 2018. Wild patterns: Ten years after the rise of adversarial machine learning. InProceedings of the 2018 ACM SIGSAC conference on computer and communications security. 2154–2156

    2018

  14. [14]

    Peva Blanchard, El Mahdi El Mhamdi, Rachid Guerraoui, and Julien Stainer. 2017. Machine learning with adversaries: Byzantine tolerant gradient descent.Advances in neural information processing systems30 (2017)

    2017

  15. [15]

    Financial Stability Board. 2024. The financial stability implications of artificial intelligence.Basel: Financial Stability Board(2024)

    2024

  16. [16]

    Panagiotis Bountakas, Apostolis Zarras, Alexios Lekidis, and Christos Xenakis. 2023. Defense strategies for adversarial machine learning: A survey. Computer Science Review49 (2023), 100573

    2023

  17. [17]

    Balajee Asish Brahmandam. 2025. MLOps in Finance: Automating Compliance & Fraud Detection.International Journal of Computer Trends and Technology (IJCTT)73, 4 (2025), 35–41. Manuscript submitted to ACM 32 Zeng, et al

    2025

  18. [18]

    Miles Brundage, Shahar Avin, Jack Clark, Helen Toner, Peter Eckersley, Ben Garfinkel, Allan Dafoe, Paul Scharre, Thomas Zeitzoff, Bobby Filar, et al. 2018. The malicious use of artificial intelligence: Forecasting, prevention, and mitigation.arXiv preprint arXiv:1802.07228(2018)

    work page arXiv 2018

  19. [19]

    Emilio Calvano, Giacomo Calzolari, Vincenzo Denicolo, and Sergio Pastorello. 2020. Artificial intelligence, algorithmic pricing, and collusion. American Economic Review110, 10 (2020), 3267–3297

    2020

  20. [20]

    Ricardo JGB Campello, Davoud Moulavi, and Jörg Sander. 2013. Density-based clustering based on hierarchical density estimates. InPacific-Asia conference on knowledge discovery and data mining. Springer, 160–172

    2013

  21. [21]

    Sean Shun Cao, Wei Jiang, Lijun Gillian Lei, et al. 2024. Applied AI for finance and accounting: Alternative data and opportunities.Pacific-Basin Finance Journal84 (2024), 102307

    2024

  22. [22]

    Xiaoyu Cao, Minghong Fang, Jia Liu, and Neil Zhenqiang Gong. 2020. Fltrust: Byzantine-robust federated learning via trust bootstrapping.arXiv preprint arXiv:2012.13995(2020)

    work page arXiv 2020

  23. [23]

    Nicholas Carlini and David Wagner. 2017. Towards evaluating the robustness of neural networks. In2017 ieee symposium on security and privacy (sp). Ieee, 39–57

    2017

  24. [24]

    Francesco Cartella, Orlando Anunciacao, Yuki Funabiki, Daisuke Yamaguchi, Toru Akishita, and Olivier Elshocht. 2021. Adversarial attacks for tabular data: Application to fraud detection and imbalanced data.arXiv preprint arXiv:2101.08030(2021)

    work page arXiv 2021

  25. [25]

    Huaming Chen and M Ali Babar. 2024. Security for machine learning-based software systems: A survey of threats, practices, and challenges. Comput. Surveys56, 6 (2024), 1–38

    2024

  26. [26]

    Peng Chen, Xin Du, Zhihui Lu, and Hongfeng Chai. 2024. Universal adversarial backdoor attacks to fool vertical federated learning.Computers & Security137 (2024), 103601

    2024

  27. [27]

    Yu-Ying Chen, Chiao-Ting Chen, Chuan-Yun Sang, Yao-Chun Yang, and Szu-Hao Huang. 2021. Adversarial attacks against reinforcement learning-based portfolio management strategy.IEEE Access9 (2021), 50667–50685

    2021

  28. [28]

    Zhen Chen, Jianqiang Yu, Shuang Fan, Jing Zhao, and Dianlong You. 2025. Latent diffusion model-based data poisoning attack against QoS-aware cloud API recommender system.Computer Networks260 (2025), 111120

    2025

  29. [29]

    Chun Wai Chiu, Linghan Huang, Bo Li, Huaming Chen, and Kim-Kwang Raymond Choo. 2025. Do as I say not as I do’: A Semi-Automated Approach for Jailbreak Prompt Attack against Multimodal LLMs.arXiv preprint arXiv:2502.00735(2025)

    work page arXiv 2025

  30. [30]

    Alexander D’Amour, Katherine Heller, Dan Moldovan, Ben Adlam, Babak Alipanahi, Alex Beutel, Christina Chen, Jonathan Deaton, Jacob Eisenstein, Matthew D Hoffman, et al. 2022. Underspecification presents challenges for credibility in modern machine learning.Journal of Machine Learning Research23, 226 (2022), 1–61

    2022

  31. [31]

    Yinpeng Dong, Hang Su, Baoyuan Wu, Zhifeng Li, Wei Liu, Tong Zhang, and Jun Zhu. 2019. Efficient decision-based black-box adversarial attacks on face recognition. Inproceedings of the IEEE/CVF conference on computer vision and pattern recognition. 7714–7722

    2019

  32. [32]

    Salijona Dyrmishi, Mohamed Djilani, Thibault Simonetto, Salah Ghamizi, and Maxime Cordy. 2025. Insights on Adversarial Attacks for Tabular Machine Learning via a Systematic Literature Review.arXiv preprint arXiv:2506.15506(2025)

    work page arXiv 2025

  33. [33]

    Martin Ester, Hans-Peter Kriegel, Jörg Sander, Xiaowei Xu, et al. 1996. A density-based algorithm for discovering clusters in large spatial databases with noise. Inkdd, Vol. 96. 226–231

    1996

  34. [34]

    Yaser Faghan, Nancirose Piazza, Vahid Behzadan, and Ali Fathi. 2020. Adversarial attacks on deep algorithmic trading policies.arXiv preprint arXiv:2010.11388(2020)

    work page arXiv 2020

  35. [35]

    Jan Lum Fok, Qingwen Zeng, Shiping Chen, Oscar Fawkes, and Huaming Chen. 2025. Foe for Fraud: Transferable Adversarial Attacks in Credit Card Fraud Detection. In2025 IEEE International Conference on Web Services (ICWS). IEEE, 286–292

    2025

  36. [36]

    Ivan Fursov, Matvey Morozov, Nina Kaploukhaya, Elizaveta Kovtun, Rodrigo Rivera-Castro, Gleb Gusev, Dmitry Babaev, Ivan Kireev, Alexey Zaytsev, and Evgeny Burnaev. 2021. Adversarial attacks on deep models for financial transaction records. InProceedings of the 27th acm sigkdd conference on knowledge discovery & data mining. 2868–2878

    2021

  37. [37]

    Michael Gallagher, Nikolaos Pitropakis, Christos Chrysoulas, Pavlos Papadopoulos, Alexios Mylonas, and Sokratis Katsikas. 2022. Investigating machine learning attacks on financial time series models.Computers & Security123 (2022), 102933

    2022

  38. [38]

    Ji Gao, Jack Lanchantin, Mary Lou Soffa, and Yanjun Qi. 2018. Black-box generation of adversarial text sequences to evade deep learning classifiers. In2018 IEEE security and privacy workshops (SPW). IEEE, 50–56

    2018

  39. [39]

    Micah Goldblum, Avi Schwarzschild, Ankit Patel, and Tom Goldstein. 2021. Adversarial attacks on machine learning systems for high-frequency trading. InProceedings of the Second ACM International Conference on AI in Finance. 1–9

    2021

  40. [40]

    Ian J Goodfellow, Jonathon Shlens, and Christian Szegedy. 2014. Explaining and harnessing adversarial examples.arXiv preprint arXiv:1412.6572 (2014)

    work page internal anchor Pith review Pith/arXiv arXiv 2014

  41. [41]

    Kai Greshake, Sahar Abdelnabi, Shailesh Mishra, Christoph Endres, Thorsten Holz, and Mario Fritz. 2023. Not what you’ve signed up for: Compromising real-world llm-integrated applications with indirect prompt injection. InProceedings of the 16th ACM workshop on artificial intelligence and security. 79–90

    2023

  42. [42]

    Anass Grini, Oumaima Taheri, Btissam El Khamlichi, and Amal El Fallah-Seghrouchni. 2025. Constrained network adversarial attacks: Validity, robustness, and transferability. In2025 21st International Conference on Distributed Computing in Smart Systems and the Internet of Things (DCOSS-IoT). IEEE, 771–776

    2025

  43. [43]

    William Hackett, Lewis Birch, Stefan Trawicki, Neeraj Suri, and Peter Garraghan. 2025. Bypassing LLM guardrails: An empirical analysis of evasion attacks against prompt injection and jailbreak detection systems. InProceedings of the The First Workshop on LLM Security (LLMSEC). 101–114. Manuscript submitted to ACM Trustworthy AI in Fintech 33

    2025

  44. [44]

    Nikolaus Hansen and Andreas Ostermeier. 2001. Completely derandomized self-adaptation in evolution strategies.Evolutionary computation9, 2 (2001), 159–195

    2001

  45. [45]

    Zhipeng He, Chun Ouyang, Laith Alzubaidi, Alistair Barros, and Catarina Moreira. 2025. Investigating imperceptibility of adversarial attacks on tabular data: An empirical analysis.Intelligent Systems with Applications25 (2025), 200461

    2025

  46. [46]

    Bo Hui, Haolin Yuan, Neil Gong, Philippe Burlina, and Yinzhi Cao. 2024. Pleak: Prompt leaking attacks against large language model applications. InProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security. 3600–3614

    2024

  47. [47]

    Danial Javaheri, Mahdi Fahmideh, Hassan Chizari, Pooia Lalbakhsh, and Junbeom Hur. 2024. Cybersecurity threats in FinTech: A systematic review.Expert Systems with Applications241 (2024), 122697

    2024

  48. [48]

    Jun-Peng Jiang, Si-Yang Liu, Hao-Run Cai, Qi-Le Zhou, and Han-Jia Ye. 2026. Representation learning for tabular data: A comprehensive survey. IEEE Transactions on Pattern Analysis and Machine Intelligence(2026)

    2026

  49. [49]

    Shuyu Jiang, Xingshu Chen, and Rui Tang. 2023. Prompt packer: Deceiving llms through compositional instruction with hidden attacks.arXiv preprint arXiv:2310.10077(2023)

    work page arXiv 2023

  50. [50]

    Sayash Kapoor and Arvind Narayanan. 2023. Leakage and the reproducibility crisis in machine-learning-based science.Patterns4, 9 (2023)

    2023

  51. [51]

    Harsh Kasyap and Somanath Tripathy. 2024. Sine: Similarity is not enough for mitigating local model poisoning attacks in federated learning.IEEE Transactions on Dependable and Secure Computing21, 5 (2024), 4481–4494

    2024

  52. [52]

    Roie Kazoom, Yuval Ratzabi, Etamar Rothstein, and Ofer Hadar. 2025. Boundary on the Table: Efficient Black-Box Decision-Based Attacks for Structured Data.arXiv preprint arXiv:2509.22850(2025)

    work page arXiv 2025

  53. [53]

    Serkan Kiranyaz, Onur Avci, Osama Abdeljaber, Turker Ince, Moncef Gabbouj, and Daniel J Inman. 2021. 1D convolutional neural networks and applications: A survey.Mechanical systems and signal processing151 (2021), 107398

    2021

  54. [54]

    Andrei Kirilenko, Albert S Kyle, Mehrdad Samadi, and Tugkan Tuzun. 2017. The flash crash: High-frequency trading in an electronic market.The Journal of Finance72, 3 (2017), 967–998

    2017

  55. [55]

    Gang Kou and Yang Lu. 2025. FinTech: a literature review of emerging financial technologies and applications.Financial Innovation11, 1 (2025), 1

    2025

  56. [56]

    Dominik Kreuzberger, Niklas Kühl, and Sebastian Hirschl. 2023. Machine learning operations (mlops): Overview, definition, and architecture.IEEE access11 (2023), 31866–31879

    2023

  57. [57]

    Ram Shankar Siva Kumar, Magnus Nyström, John Lambert, Andrew Marshall, Mario Goertzel, Andi Comissoneru, Matt Swann, and Sharon Xia

  58. [58]

    In2020 IEEE security and privacy workshops (SPW)

    Adversarial machine learning-industry perspectives. In2020 IEEE security and privacy workshops (SPW). IEEE, 69–75

  59. [59]

    Halima I Kure, Pradipta Sarkar, Ahmed B Ndanusa, and Augustine O Nwajana. 2025. Detecting and preventing data poisoning attacks on AI models. In2025 Photonics & Electromagnetics Research Symposium-Spring (PIERS-Spring). IEEE, 01–12

    2025

  60. [60]

    Mohammed Kutbi. 2025. Impact of backdoor attacks on face classification models through training data poisoning. In2025 4th International Conference on Computing and Information Technology (ICCIT). IEEE, 360–366

    2025

  61. [61]

    Zhongzheng Lai, Huaming Chen, Ruoxi Sun, Yu Zhang, Minhui Xue, and Dong Yuan. 2024. On security weaknesses and vulnerabilities in deep learning systems.IEEE Transactions on Dependable and Secure Computing22, 3 (2024), 2243–2257

    2024

  62. [62]

    Mathias Lecuyer, Vaggelis Atlidakis, Roxana Geambasu, Daniel Hsu, and Suman Jana. 2018. Certified robustness to adversarial examples with differential privacy.arXiv preprint arXiv:1802.03471(2018)

    work page internal anchor Pith review Pith/arXiv arXiv 2018

  63. [63]

    Bo Li, Peng Qi, Bo Liu, Shuai Di, Jingen Liu, Jiquan Pei, Jinfeng Yi, and Bowen Zhou. 2023. Trustworthy AI: From principles to practices.Comput. Surveys55, 9 (2023), 1–46

    2023

  64. [64]

    Changjiang Li, Li Wang, Shouling Ji, Xuhong Zhang, Zhaohan Xi, Shanqing Guo, and Ting Wang. 2022. Seeing is living? rethinking the security of facial liveness verification in the deepfake era. In31st USENIX Security Symposium (USENIX Security 22). 2673–2690

    2022

  65. [65]

    Jinfeng Li, Shouling Ji, Tianyu Du, Bo Li, and Ting Wang. 2018. Textbugger: Generating adversarial text against real-world applications.arXiv preprint arXiv:1812.05271(2018)

    work page internal anchor Pith review Pith/arXiv arXiv 2018

  66. [66]

    Yanjie Li, Yiquan Li, Xuelong Dai, Songtao Guo, and Bin Xiao. 2023. Physical-world optical adversarial attacks on 3d face recognition. InProceedings of the IEEE/CVF conference on computer vision and pattern recognition. 24699–24708

    2023

  67. [67]

    Tsung-Yi Lin, Michael Maire, Serge Belongie, James Hays, Pietro Perona, Deva Ramanan, Piotr Dollár, and C Lawrence Zitnick. 2014. Microsoft coco: Common objects in context. InEuropean conference on computer vision. Springer, 740–755

    2014

  68. [68]

    Aofan Liu, Hongjian Xing, Yuguo Yin, Zijun Li, Yiyan Qi, et al. [n. d.]. Semantics-Preserving Adversarial Attacks on Event-Driven Stock Prediction Models. InKnowledgeable Foundation Models at ACL 2025

    2025

  69. [69]

    Haochen Liu, Yiqi Wang, Wenqi Fan, Xiaorui Liu, Yaxin Li, Shaili Jain, Yunhao Liu, Anil Jain, and Jiliang Tang. 2022. Trustworthy ai: A computational perspective.ACM Transactions on Intelligent Systems and Technology14, 1 (2022), 1–59

    2022

  70. [70]

    Xiaogeng Liu, Somesh Jha, Patrick McDaniel, Bo Li, and Chaowei Xiao. 2025. Autohijacker: Automatic indirect prompt injection against black-box llm agents. (2025)

    2025

  71. [71]

    Xuechen Liu, Xin Wang, Md Sahidullah, Jose Patino, Héctor Delgado, Tomi Kinnunen, Massimiliano Todisco, Junichi Yamagishi, Nicholas Evans, Andreas Nautsch, et al. 2023. Asvspoof 2021: Towards spoofed and deepfake speech detection in the wild.IEEE/ACM Transactions on Audio, Speech, and Language Processing31 (2023), 2507–2522

    2023

  72. [72]

    Ziwei Liu, Ping Luo, Xiaogang Wang, and Xiaoou Tang. 2015. Deep learning face attributes in the wild. InProceedings of the IEEE international conference on computer vision. 3730–3738. Manuscript submitted to ACM 34 Zeng, et al

    2015

  73. [73]

    Daniele Lunghi, Yannick Molinghen, Alkis Simitsis, Tom Lenaerts, and Gianluca Bontempi. 2025. FRAUD-RLA: A new reinforcement learning adversarial attack against credit card fraud detection.arXiv preprint arXiv:2502.02290(2025)

    work page arXiv 2025

  74. [74]

    Aleksander Madry, Aleksandar Makelov, Ludwig Schmidt, Dimitris Tsipras, and Adrian Vladu. 2017. Towards deep learning models resistant to adversarial attacks.arXiv preprint arXiv:1706.06083(2017)

    work page internal anchor Pith review Pith/arXiv arXiv 2017

  75. [75]

    Jasmita Malik, Raja Muthalagu, and Pranav M Pawar. 2024. A systematic review of adversarial machine learning attacks, defensive controls, and technologies.IEEe Access12 (2024), 99382–99421

    2024

  76. [76]

    Andrew McCarthy, Essam Ghadafi, Panagiotis Andriotis, and Phil Legg. 2022. Functionality-preserving adversarial machine learning for robust classification in cybersecurity and intrusion detection domains: A survey.Journal of Cybersecurity and Privacy2, 1 (2022), 154–190

    2022

  77. [77]

    Tiago Leon Melo, João Bravo, Marco OP Sampaio, Paolo Romano, Hugo Ferreira, João Tiago Ascensão, and Pedro Bizarro. 2023. Adversarial training for tabular data with attack propagation.arXiv preprint arXiv:2307.15677(2023)

    work page arXiv 2023

  78. [78]

    Seyed-Mohsen Moosavi-Dezfooli, Alhussein Fawzi, Omar Fawzi, and Pascal Frossard. 2017. Universal adversarial perturbations. InProceedings of the IEEE conference on computer vision and pattern recognition. 1765–1773

    2017

  79. [79]

    Mohammad Naseri, Yufei Han, and Emiliano De Cristofaro. 2024. BadVFL: Backdoor attacks in vertical federated learning. In2024 IEEE Symposium on Security and Privacy (SP). IEEE, 2013–2028

    2024

  80. [80]

    Huy H Nguyen, Sébastien Marcel, Junichi Yamagishi, and Isao Echizen. 2022. Master face attacks on face recognition systems.IEEE Transactions on Biometrics, Behavior, and Identity Science4, 3 (2022), 398–411

    2022

Showing first 80 references.