AI Threat Alert
Attack HIGH
Density-aware Sample-specific Attack
Qiyuan Wang, Yao Li, Raymond K. W. Wong
Despite recent progress in backdoor attacks, existing methods remain susceptible to post-training defenses that erase the backdoor through...
AI Security Research
AI Threat Alert indexes 3,023+ peer-reviewed and preprint papers on AI/ML security — covering adversarial attacks, model defenses, red-teaming benchmarks, surveys, and security tooling. Papers are sourced from arXiv, classified by type and by relevance to real-world threats, and cross-referenced with the CVEs and incidents they relate to.
- Adversarial attacks
- Model defenses
- Red-teaming benchmarks
- Surveys
- Security tooling
- Total3,023
- Attack1,175
- Benchmark866
- Defense407
- Tool319
- Survey176
Showing 121–140 of 1,175 papers
Clear filters Attack MEDIUM
Cross-Entropy Games and Frost Training
Arthur Renard, Franck Gabriel, Valentin Hartmann +1 more
We present Frost Training, a method for improving Monte Carlo-based policy optimization for a large family of LLM-as-a-judge tasks called...
Attack HIGH
Backdoor Attacks on Fault Detection and Localization in Cyber-Physical Systems
Abile Jean, Kuniyilh S
Cyber-Physical Systems (CPS) integrate sensing, communication, computation, and control to support critical infrastructure, including smart grids,...
Attack HIGH
Poison with Style: A Practical Poisoning Attack on Code Large Language Models
Khang Tran, Yazan Boshmaf, Issa Khalil +3 more
Code Large Language Models (CLLMs) serve as the core of modern code agents, enabling developers to automate complex software development tasks. In...
Attack HIGH
PAST2HARM: A Simple Adaptive Past Tense Attack for Jailbreaking Multimodal AI
Snehasis Mukhopadhyay
Jailbreak attacks on multimodal AI systems remain underexplored, even though unsafe image generation can have more severe consequences than unsafe...
Attack HIGH
Alignment Tampering: How Reinforcement Learning from Human Feedback Is Exploited to Optimize Misaligned Biases
Dongyoon Hahm, Dylan Hadfield-Menell, Kimin Lee
Reinforcement Learning from Human Feedback (RLHF) is the standard method to align Large Language Models (LLMs) with human preferences. In this work,...
Attack MEDIUM
BAIT: Boundary-Guided Disclosure Escalation via Self-Conditioned Reasoning
Xuan Luo, Yue Wang, Geng Tu +2 more
In this work, we propose BAIT (Boundary-Aware Iterative Trap), a three-step jailbreak framework that approaches malicious goals through internal...
Attack MEDIUM
EmoDistill: Offline Emotion Skill Distillation for Language Model Agents in Adversarial Negotiation
Yunbo Long, Haolang Zhao, Lukas Beckenbauer +2 more
Post-trained LLMs are often optimized to align responses with human preferences, making them safe, polite, and conversationally appropriate. In...
Attack MEDIUM
Cordon-MAS: Defending RAG against Knowledge Poisoning via Information-Flow Control
Zhe Yu, Wenpeng Xing, Gaolei Li +4 more
Retrieval-augmented generation (RAG) increasingly underpins high-stakes applications, yet remains vulnerable to Confundo-style poisoning where...
Attack HIGH
Cordyceps: Covert Control Attacks on LLMs via Data Poisoning
Zedian Shao, Charles Fleming, Teodora Baluta
Large language models (LLMs) are often fine-tuned on uncurated text datasets that adversaries can poison. Existing poisoning attacks primarily rely...
Attack HIGH
Open-Weight LLM Fine-Tuning Defenses are Susceptible to Simple Attacks
Kevin Kuo, Chhavi Yadav, Virginia Smith
Recent defenses for safeguarding open-weight large language models (LLMs) are intended to prevent adversarial usage. Underlying these defenses is an...
Attack HIGH
Erased but Exploitable: Black-box Embedding-Aware Prompting Against Unlearned Text-to-Image Diffusion Models
Arian Komaei Koma, Seyed Amir Kasaei, AmirMahdi Sadeghzadeh +1 more
Machine unlearning aims to remove specific concepts from pretrained text-to-image diffusion models, yet several white- and black-box attacks have...
Attack HIGH
Intelligent Detection and Mitigation of Carpet-Bombing DDoS Attacks in SDN Using Retrieval-Augmented Generation and Large Language Models
Mohammed N. Swileh, Shengli Zhang, Kai Lei
Software-Defined Networking (SDN) provides flexible and programmable network management; however, its centralized control architecture remains highly...
Attack MEDIUM
Closed-Loop Bidirectional Prompting for Adversarial Robustness of Vision Language Models
Xiao Liu, Jiaxiang Liu, Boci Peng +6 more
Vision Language Models adapt well to downstream tasks but are highly vulnerable to adversarial perturbations that disrupt cross-modal semantic...
Attack MEDIUM
Capability and Robustness Cannot Both Be Free: An Information-Theoretic Bound for Vision-Language-Action Models
Jianwei Tai
Vision-Language-Action (VLA) models are increasingly deployed on real robots, where each predicted action is executed and each failure carries a...
Attack MEDIUM
Capability and Robustness Cannot Both Be Free: An Information-Theoretic Bound for Vision-Language-Action Models
Jianwei Tai
Vision-Language-Action (VLA) models are increasingly deployed on real robots, where each predicted action is executed and each failure carries a...
Attack HIGH
How Agentic AI Coding Assistants Become the Attacker's Shell
Yue Liu, Yanjie Zhao, Yunbo Lyu +3 more
Agentic AI coding assistants can edit files, run commands, and access the internet on behalf of developers. However, their reliance on unvetted...
Attack HIGH
When Interpretability Becomes a Liability: Adversarial Attacks on CBM Concept Layers
Aditya Sridhar
Concept Bottleneck Models (CBMs) have emerged as a cornerstone approach for interpretable machine learning, providing human-understandable...
Attack HIGH
Localization then Neutralization: Gradient-guided Token Suppression against Visual Prompt Injection Attack
Dongpeng Zhang, Ke Ma, Yangbangyan Jiang +4 more
Adversarial images pose a severe security threat to multimodal large language models through prompt injection. Existing defenses largely lack a...
Attack LOW
QML-PipeGuard: Drift-Aware Behavioral Fingerprinting for Quantum Machine Learning Pipeline Integrity
Esra Yeniaras
Quantum machine learning (QML) is moving from research prototypes to deployed cloud services. As QML enters regulated industries, the integrity of...
Frequently asked questions
What is AI security research?
AI security research studies how AI and machine-learning systems can be attacked and defended — covering adversarial examples, prompt injection, model poisoning, training-data extraction, and the mitigations against them. AI Threat Alert curates this research from academic sources so security teams can track the threats behind emerging AI risks.
How many AI security papers does AI Threat Alert track?
AI Threat Alert indexes 3,023+ papers on AI/ML security, classified across attack, defense, benchmark, survey, and tool categories and updated continuously.
Where do the research papers come from?
Papers are sourced from arXiv, then classified by type and by relevance to real-world AI/ML threats, and cross-referenced with the CVEs and incidents they relate to.
What topics does the AI security research cover?
Coverage spans adversarial attacks, model and system defenses, red-teaming benchmarks, literature surveys, and security tooling for LLMs, ML libraries, AI agents, and inference pipelines.
How is this different from a generic paper search?
Every paper is filtered for AI security relevance and linked to the vulnerabilities, vendors, and incidents it relates to, so the research connects directly to operational threat intelligence.
Track AI security vulnerabilities in real time
Get breaking CVE alerts, compliance reports (ISO 42001, EU AI Act), and CISO risk assessments for your AI/ML stack.
Start 14-Day Free Trial