GShield: Mitigating Poisoning Attacks in Federated Learning
Learning models. In particular, it enables decentralized model training while preserving data privacy, but its distributed nature makes it highly vulnerable to a severe attack known as Data Poisoning
MCP-ITP: An Automated Framework for Implicit Tool Poisoning in MCP
environments, the Model Context Protocol (MCP) was proposed and has since been widely adopted. However, integrating external tools expands the attack surface, exposing agents to tool poisoning attacks. In such
Knowledge Poisoning Attacks on Medical Multi-Modal Retrieval-Augmented Generation
injected with adversarial knowledge, which can perturb model outputs and undermine system reliability. To investigate this risk, prior studies have explored knowledge poisoning attacks in medical RAG systems. Nevertheless, most
TokenSwap: Backdoor Attack on the Compositional Understanding of Large Vision-Language Models
corresponding textual answers. However, the poisoned samples exhibit only subtle differences from the original ones, making it challenging for the model to learn the backdoor behavior. To address this, TokenSwap
A Layered Security Framework Against Prompt Injection in RAG-Based Chatbots
cannot prevent malicious payloads from reaching the model. Consequently, retrieval-augmented generation (RAG) chatbots remain vulnerable to indirect injection, where a poisoned knowledge-base document compromises every user whose query
Backdoor Threats in Variational Quantum Circuits: Taxonomy, Attacks, and Defenses
survey of backdoor attacks in VQCs, covering data-poisoning, compiler-level, and quantum-native mechanisms. We formalize key terminology and threat models, and review existing attack strategies along with their
IU: Imperceptible Universal Backdoor Attack
simultaneously controls all target classes with minimal poisoning while preserving stealth. Our key idea is to leverage graph convolutional networks (GCNs) to model inter-class relationships and generate class-specific
DropVLA: An Action-Level Backdoor Attack on Vision-Language-Action Models
tuning. On OpenVLA-7B evaluated with LIBERO, vision-only poisoning achieves 98.67%-99.83% attack success rate (ASR) with only 0.31% poisoned episodes while preserving 98.50%-99.17% clean-task retention
Your Agent, Their Asset: A Real-World Safety Analysis of OpenClaw
live OpenClaw instance across four backbone models (Claude Sonnet 4.5, Opus 4.6, Gemini 3.1 Pro, and GPT-5.4). The results show that poisoning any single CIK dimension increases the average
ToxicTextCLIP: Text-Based Poisoning and Backdoor Attacks on CLIP Pre-training
Contrastive Language-Image Pretraining (CLIP) model has significantly advanced vision-language modeling by aligning image-text pairs from large-scale web data through self-supervised contrastive learning. Yet, its reliance
KEPo: Knowledge Evolution Poison on Graph-based Retrieval-Augmented Generation
timeliness and accuracy of Large Language Model (LLM) generations. However, this reliance on external data introduces new attack surfaces. Attackers can inject poisoned texts into databases to manipulate LLMs into
MIRAGE: Misleading Retrieval-Augmented Generation via Black-box and Query-agnostic Poisoning Attacks
proposing MIRAGE, a novel multi-stage poisoning pipeline designed for strict black-box and query-agnostic environments. Operating on surrogate model feedback, MIRAGE functions as an automated optimization framework that
SPOILER: TEE-Shielded DNN Partitioning of On-Device Secure Inference with Poison Learning
Deploying deep neural networks (DNNs) on edge devices exposes valuable intellectual property to model-stealing attacks. While TEE-shielded DNN partitioning (TSDP) mitigates this by isolating sensitive computations, existing paradigms
CryptoGuard: Lightweight Hybrid Detection and Response to Host-based Cryptojackers in Linux Cloud Environments
phase process, leveraging deep learning models to identify suspicious activity with high precision. To counter evasion techniques such as entry point poisoning and PID manipulation, CryptoGuard integrates targeted remediation mechanisms
DF-LoGiT: Data-Free Logic-Gated Backdoor Attacks in Vision Transformers
backdoor attacks largely rely on poisoned-data training, while prior data-free attempts typically require synthetic-data fine-tuning or extra model components. This paper introduces Data-Free Logic-Gated
When Backdoors Go Beyond Triggers: Semantic Drift in Diffusion Models Under Encoder Attacks
attacks on text-to-image (T2I) models primarily measure trigger activation and visual fidelity. We challenge this paradigm, demonstrating that encoder-side poisoning induces persistent, trigger-free semantic corruption that
PatchPoison: Poisoning Multi-View Datasets to Degrade 3D Reconstruction
exploited to reconstruct detailed 3D models of scenes or objects without the owner's consent. We present PatchPoison, a lightweight dataset-poisoning method that prevents unauthorized 3D reconstruction. Unlike global
Robustness in Text-Attributed Graph Learning: Insights, Trade-offs, and New Defenses
based, and hybrid perturbations in both poisoning and evasion scenarios. Our extensive analysis reveals multiple findings, among which three are particularly noteworthy: 1) models have inherent robustness trade-offs between
On the Vulnerability of Deep Automatic Modulation Classifiers to Explainable Backdoor Threats
breaching multiple DL-based AMC models. The attack achieves high success rates for a wide range of SNR values and a small poisoning ratio
RAG Security and Privacy: Formalizing the Threat Model and Attack Surface
knowledge, the first formal threat model for retrieval-RAG systems. We introduce a structured taxonomy of adversary types based on their access to model components and data, and we formally