Paper 2605.13796v1

Backdoor Threats in Variational Quantum Circuits: Taxonomy, Attacks, and Defenses

survey of backdoor attacks in VQCs, covering data-poisoning, compiler-level, and quantum-native mechanisms. We formalize key terminology and threat models, and review existing attack strategies along with their

high relevance survey
Paper 2603.00711v1

IU: Imperceptible Universal Backdoor Attack

simultaneously controls all target classes with minimal poisoning while preserving stealth. Our key idea is to leverage graph convolutional networks (GCNs) to model inter-class relationships and generate class-specific

high relevance attack
Paper 2510.10932v4

DropVLA: An Action-Level Backdoor Attack on Vision-Language-Action Models

tuning. On OpenVLA-7B evaluated with LIBERO, vision-only poisoning achieves 98.67%-99.83% attack success rate (ASR) with only 0.31% poisoned episodes while preserving 98.50%-99.17% clean-task retention

high relevance attack
Paper 2604.04759v1

Your Agent, Their Asset: A Real-World Safety Analysis of OpenClaw

live OpenClaw instance across four backbone models (Claude Sonnet 4.5, Opus 4.6, Gemini 3.1 Pro, and GPT-5.4). The results show that poisoning any single CIK dimension increases the average

medium relevance defense
Paper 2511.00446v1

ToxicTextCLIP: Text-Based Poisoning and Backdoor Attacks on CLIP Pre-training

Contrastive Language-Image Pretraining (CLIP) model has significantly advanced vision-language modeling by aligning image-text pairs from large-scale web data through self-supervised contrastive learning. Yet, its reliance

high relevance attack
Paper 2603.11501v2

KEPo: Knowledge Evolution Poison on Graph-based Retrieval-Augmented Generation

timeliness and accuracy of Large Language Model (LLM) generations. However, this reliance on external data introduces new attack surfaces. Attackers can inject poisoned texts into databases to manipulate LLMs into

medium relevance benchmark
Paper 2512.08289v2

MIRAGE: Misleading Retrieval-Augmented Generation via Black-box and Query-agnostic Poisoning Attacks

proposing MIRAGE, a novel multi-stage poisoning pipeline designed for strict black-box and query-agnostic environments. Operating on surrogate model feedback, MIRAGE functions as an automated optimization framework that

high relevance attack
Paper 2603.06263v1

SPOILER: TEE-Shielded DNN Partitioning of On-Device Secure Inference with Poison Learning

Deploying deep neural networks (DNNs) on edge devices exposes valuable intellectual property to model-stealing attacks. While TEE-shielded DNN partitioning (TSDP) mitigates this by isolating sensitive computations, existing paradigms

medium relevance attack
Paper 2510.18324v1

CryptoGuard: Lightweight Hybrid Detection and Response to Host-based Cryptojackers in Linux Cloud Environments

phase process, leveraging deep learning models to identify suspicious activity with high precision. To counter evasion techniques such as entry point poisoning and PID manipulation, CryptoGuard integrates targeted remediation mechanisms

low relevance defense
Paper 2602.03040v1

DF-LoGiT: Data-Free Logic-Gated Backdoor Attacks in Vision Transformers

backdoor attacks largely rely on poisoned-data training, while prior data-free attempts typically require synthetic-data fine-tuning or extra model components. This paper introduces Data-Free Logic-Gated

high relevance attack
Paper 2602.20193v1

When Backdoors Go Beyond Triggers: Semantic Drift in Diffusion Models Under Encoder Attacks

attacks on text-to-image (T2I) models primarily measure trigger activation and visual fidelity. We challenge this paradigm, demonstrating that encoder-side poisoning induces persistent, trigger-free semantic corruption that

high relevance attack
Paper 2604.13153v1

PatchPoison: Poisoning Multi-View Datasets to Degrade 3D Reconstruction

exploited to reconstruct detailed 3D models of scenes or objects without the owner's consent. We present PatchPoison, a lightweight dataset-poisoning method that prevents unauthorized 3D reconstruction. Unlike global

medium relevance benchmark
Paper 2510.17185v1

Robustness in Text-Attributed Graph Learning: Insights, Trade-offs, and New Defenses

based, and hybrid perturbations in both poisoning and evasion scenarios. Our extensive analysis reveals multiple findings, among which three are particularly noteworthy: 1) models have inherent robustness trade-offs between

medium relevance defense
Paper 2603.25310v1

On the Vulnerability of Deep Automatic Modulation Classifiers to Explainable Backdoor Threats

breaching multiple DL-based AMC models. The attack achieves high success rates for a wide range of SNR values and a small poisoning ratio

high relevance attack
Paper 2509.20324v1

RAG Security and Privacy: Formalizing the Threat Model and Attack Surface

knowledge, the first formal threat model for retrieval-RAG systems. We introduce a structured taxonomy of adversary types based on their access to model components and data, and we formally

high relevance attack
Paper 2510.26102v1

PEEL: A Poisoning-Exposing Encoding Theoretical Framework for Local Differential Privacy

widely adopted privacy-protection model in the Internet of Things (IoT) due to its lightweight, decentralized, and scalable nature. However, it is vulnerable to poisoning attacks, and existing defenses either

medium relevance attack
Paper 2604.21700v1

Stealthy Backdoor Attacks against LLMs Based on Natural Style Triggers

attack framework and pipeline. BadStyle leverages an LLM as a poisoned sample generator to construct natural and stealthy poisoned samples that carry imperceptible style-level triggers while preserving semantics

high relevance attack
Paper 2602.15671v1

Revisiting Backdoor Threat in Federated Instruction Tuning from a Signal Aggregation Perspective

vulnerabilities from low-concentration poisoned data distributed across the datasets of benign clients. This scenario is increasingly common in federated instruction tuning for language models, which often rely on unverified

medium relevance benchmark
Paper 2604.01346v1

Safety, Security, and Cognitive Risks in World Models

risks. Adversaries can corrupt training data, poison latent representations, and exploit compounding rollout errors to cause catastrophic failures in safety-critical deployments. World model-equipped agents are more capable

medium relevance defense
Paper 2605.18930v1

OEP: Poisoning Self-Evolving LLM Agents via Locally Correct but Non-Transferable Experiences

Memory-augmented large language model (LLM) agents use iterative reflection and self-evolution to solve complex tasks, but these mechanisms introduce security risks. Existing agentic memory attacks require privileged access

medium relevance attack