Policy Safety→Official→arXiv Cryptography and Security
Researchers introduce PVDetector, a training-free framework for detecting prompt injection attacks on purpose-specific large language model (LLM) agents. By analyzing hidden-state alignment with policy-violation concepts, PVDetector identifies attacks with less than 1% false negative rate and minimal computational overhead, outperforming existing input-output pattern-based detectors.
Why it matters: As LLMs are increasingly used for specialized tasks with unique restrictions, PVDetector provides an efficient and effective defense against prompt injection attacks by leveraging the model's internal representations of policy violations.
Jul 15, 2026
Research→Official→arXiv Cryptography and Security
A new preprint presents a reproducible, open-source pipeline that distinguishes code written by humans from that generated by large language models (LLMs) with 93% accuracy, using samples from 31 security-sensitive programming tasks across four languages. The study finds systematic differences in security patterns between human and LLM-generated code, and shows that LLMs can repair vulnerabilities in code 77% of the time, though repairs are often only partial fixes.
Why it matters: This work advances automated code provenance attribution and highlights important security differences between human and AI-generated code, informing software supply chain security and AI-assisted development practices.
Jul 15, 2026
Research→Official→arXiv Cryptography and Security
Researchers introduce JADR (Jacobian Assessment of Danger Recognition), a protocol that evaluates a language model's internal representation of danger by analyzing Jacobian space activations before any response is generated. The method operates entirely locally, does not require external judge models, and enables comparison of models and quantization levels using a SafetyAUC metric with statistical significance. Applied to six models, including Qwen3 variants and Gemma 2 9B, JADR distinguishes between strong and weak internal safety mechanisms and reveals quantization effects.
Why it matters: This approach provides a novel, judge-free method for probing LLM safety by examining internal model activations, potentially uncovering hidden vulnerabilities in safety mechanisms.
Jul 15, 2026
Research→Official→arXiv Cryptography and Security
A new benchmark, VanillaBench, systematically quantifies the accuracy cost of adversarial robustness by comparing 186 robust models against vanilla baselines. The study finds that the mean clean accuracy gap ranges from -7.7 to -29.5 percentage points, with even the best robust models trailing their vanilla counterparts by 4.0-21.0 points. The authors recommend that future robustness evaluations should routinely report vanilla-referenced accuracy gaps.
Why it matters: This benchmark makes explicit the substantial accuracy trade-off of adversarial robustness, providing critical information for practitioners and decision-makers that is often missing from individual papers.
Jul 15, 2026
Research→Official→arXiv Cryptography and Security
Researchers have developed MindReader, a tool that leverages large language models (LLMs) to help users generate password replacements that are both secure and memorable. MindReader analyzes the semantic meaning of original password components and suggests new, semantically related but syntactically different replacements. In a user study, passwords created with MindReader were more resistant to guessing attacks than both original and conventionally replaced passwords, while maintaining similar memorability.
Why it matters: This work offers a practical LLM-based approach to improving password security without sacrificing usability, addressing a persistent vulnerability in password management.
Jul 15, 2026
Policy Safety→Official→arXiv Cryptography and Security
A new preprint demonstrates that integrating Post-Quantum Cryptography (PQC) into TLS 1.3 can dramatically increase server vulnerability to handshake exhaustion DDoS attacks, with server CPU exhaustion periods prolonged by up to 88 times. The study also finds that leading deep learning-based intrusion detection systems (IDS) experience severe performance drops under PQC traffic, with one system's recall falling to about 50% and another's detection accuracy approaching random chance.
Why it matters: As PQC adoption accelerates, these findings highlight urgent new security risks, showing that quantum-safe cryptography may inadvertently create exploitable weaknesses that current defenses cannot address.
Jul 15, 2026
Research→Official→arXiv Cryptography and Security
Researchers present a framework that combines metamorphic testing and association rule mining to systematically detect and analyze security vulnerabilities in code generated by large language models (LLMs). Evaluating 3,700 code snippets from five open-source models, they found that 68.8% violated at least one security property, with frequent co-occurrence of vulnerabilities such as XSS, weak cryptography, and hard-coded credentials. The study also identifies prompt-level risk factors and structured patterns in how vulnerabilities cluster together.
Why it matters: This work demonstrates that security flaws in LLM-generated code are often interconnected and influenced by prompt context, highlighting the need for cluster-aware verification and improved safeguards in AI-assisted programming.
Jul 15, 2026
Policy Safety→Official→arXiv Cryptography and Security
Antiproof is a vulnerability discovery system that combines neuro-symbolic detector synthesis with proof-of-exploitability oracles to achieve high-recall vulnerability detection and automatic validation. In evaluations, it detected 64 of 66 vulnerabilities in benchmarks, improving recall by over 60 percentage points compared to baselines, and uncovered several hundred previously unknown vulnerabilities in widely deployed systems. The system has received 12 CVE assignments, including remote code execution vulnerabilities in Ray, SGLang, vLLM, and LiteLLM, which could allow attackers to compromise LLM training and inference systems.
Why it matters: This work demonstrates a scalable and effective approach to discovering and validating zero-day vulnerabilities in critical AI infrastructure, with immediate security implications for widely used LLM deployment tools.
Jul 15, 2026
Research→Official→arXiv Cryptography and Security
A new preprint introduces Representation-Confusion Attacks in Reverse Engineering (RARE), where attacker-controlled binaries can manipulate LLM-assisted reverse engineering systems by making extracted data appear as authoritative instructions or independent evidence. The authors present RARE-Guard, a defense mechanism that applies authorization and provenance controls to prevent unsafe actions and false claims. In evaluations, RARE-Guard successfully blocked all unsafe proposals and false claims while preserving legitimate analyst requests and supported claims.
Why it matters: This work reveals a significant security vulnerability in LLM-assisted reverse engineering pipelines and demonstrates a practical defense that could improve the safety and reliability of automated software analysis tools.
Jul 15, 2026
Policy Safety→Official→arXiv Cryptography and Security
Researchers have introduced GATAS, a black-box testing method that generates adversarial inputs for automatic speech recognition (ASR) systems by interpolating in the phoneme-level latent space of a text-to-speech model. GATAS achieves a 98% success rate in inducing transcription errors while maintaining high perceptual quality, outperforming both white-box and black-box baselines. The study finds that representation and perceptual alignment are more important than gradient access for generating effective adversarial test cases.
Why it matters: This work reveals a significant new vulnerability in ASR systems, showing that adversarial attacks can be highly effective even without access to model internals, which has important implications for the security of voice-driven applications.
Jul 14, 2026
Policy Safety→Official→arXiv Cryptography and Security
A new preprint demonstrates that adversaries can corrupt open datasets to poison AI-driven scientific research, with attacks succeeding in nearly half of experimental runs and detection rates remaining very low. The attack leverages autonomous research agents that retrieve and process public data, potentially turning well-intentioned scientists into unwitting distributors of fraudulent results. The study also finds that implementing provenance auditing with five specific checks can reduce attack success to zero.
Why it matters: This research exposes a scalable vulnerability in AI-assisted science that could industrialize scientific fraud, posing a significant threat to the integrity of research in critical domains.
Jul 14, 2026
Policy Safety→Official→arXiv Cryptography and Security
A new preprint demonstrates that simple prompt reframing—such as presenting questions as medical board exam items—can bypass safety guardrails in Google's MedGemma-4B medical language model. The study found an overall attack success rate of 38.0%, with the drug-interaction guardrail being particularly weak (83.2% ASR) and the emergency-deferral guardrail remaining robust (4.7% ASR).
Why it matters: This work reveals that current safety guardrails in open-weight medical language models can be circumvented by unsophisticated prompt engineering, raising concerns about their reliability in real-world applications.
Jul 14, 2026
Policy Safety→Official→arXiv Cryptography and Security
A new preprint describes a deep reinforcement learning-based attack that covertly manipulates control signals in digital twin-enabled industrial systems to accelerate wear and tear on robotic joints while evading anomaly detection. The attack, tested on a UR10e robotic arm, was able to significantly increase torque on targeted joints, resulting in faster degradation and higher maintenance costs. The study benchmarks several reinforcement learning algorithms, finding that Soft Actor-Critic (SAC) is particularly effective for this purpose.
Why it matters: This research demonstrates a novel and practical AI-driven cyberattack method that exposes critical vulnerabilities in digital twin-enabled industrial systems, emphasizing the urgent need for improved security measures.
Jul 14, 2026
Policy Safety→Official→arXiv Cryptography and Security
A large-scale study with 4,100 U.S. participants finds that AI-generated voice phishing (vishing) achieves a 16.5% overall compliance rate, with up to 36% compliance for 'relative-in-distress' scams. Economic analysis indicates that, unlike human-operated vishing, AI-powered attacks are profitable at U.S. wage levels, primarily due to automation. The study highlights that the main risk is the scalability and low cost of AI-driven vishing, rather than new persuasive capabilities.
Why it matters: This research shows that AI voice synthesis and language models have shifted the economics of voice phishing, making large-scale attacks feasible and raising urgent policy and consumer protection concerns.
Jul 14, 2026
Research→Official→arXiv Cryptography and Security
Researchers introduce MCPZoo, the largest collection of MCP servers for dynamic analysis, comprising 64,611 unique servers. Using this dataset, they find that existing security scanners report 96.89% of servers as risky, but manual validation shows less than 50% of sampled alerts are true positives, with significant inconsistency across scanners. MCPZoo enables large-scale, reproducible measurement of MCP server security and highlights limitations in current scanning practices.
Why it matters: This study exposes critical flaws in current MCP security assessment methods, raising concerns about the reliability of reported risk levels for LLM-based agent tools.
Jul 14, 2026
Policy Safety→Official→arXiv Cryptography and Security
Researchers have characterized physical prompt injection attacks against vision-language models (VLMs) on wearable devices such as smart glasses, where malicious text embedded in the environment can hijack model behavior. In tests across over 200 real-world environments, these attacks achieved up to a 96% success rate in simulated settings and 60% in real-world scenarios, leading to biased or untruthful outputs. The study also proposes two defense strategies—a mask-based external filter and a semantic-vector-based internal detector—that can reduce the success and impact of such attacks.
Why it matters: As VLMs are increasingly deployed in wearable devices, physical prompt injection represents a significant new security vulnerability that could manipulate outputs in safety-critical contexts.
Jul 14, 2026
Research→Official→arXiv Cryptography and Security
A new preprint introduces an evolutionary framework, guided by large language models (LLMs), to generate targeted black-box attacks on widely used perceptual hash algorithms (PHAs) such as pHash, PDQ, PhotoDNA, and NeuralHash. The approach achieves comparable or superior attack success rates with fewer queries and lower image distortion than existing black-box methods, revealing previously unreported vulnerabilities in these content moderation tools.
Why it matters: The findings highlight significant security weaknesses in commonly deployed perceptual hash algorithms, underscoring the urgent need for more robust content moderation technologies.
Jul 14, 2026
Policy Safety→Official→arXiv Cryptography and Security
Researchers have introduced Mako, a self-evolving AI agent designed to autonomously exploit web vulnerabilities by treating its exploit capability as a mutable kernel. Mako achieved full coverage on 104 CTF-style web applications spanning 26 vulnerability classes, demonstrating the ability to autonomously discover and exploit a wide range of web vulnerabilities. Due to dual-use concerns, the authors have withheld operational details, payloads, and source code.
Why it matters: Mako's results highlight that once an exploit capability is available, the difficulty of autonomous exploitation collapses, raising significant security and safety concerns about the potential for automated offensive systems.
Jul 14, 2026
Research→Official→arXiv Cryptography and Security
Researchers introduce AMT-X, a phase-structured multi-turn red-teaming framework that employs a multi-role jury and phase-conditioned checklists to evaluate the safety of large language models (LLMs). When tested on six frontier models, AMT-X achieved 97.6-100% attack success under lenient scoring, but only 66.7-78.6% under stricter criteria requiring complete operational detail. This demonstrates a substantial gap between partially and fully actionable harmful outputs.
Why it matters: The findings indicate that current single-turn safety evaluations may underestimate the risks posed by adaptive adversaries, emphasizing the need for more nuanced assessment methods in AI safety.
Jul 14, 2026
Research→Official→arXiv Cryptography and Security
Researchers introduce MusicMark, a generative watermarking framework that embeds watermarks into the semantic latent space during diffusion-based music generation. Unlike post-hoc watermarking methods, MusicMark integrates watermarking directly into the generation process, resulting in greater robustness against attacks such as neural codec re-synthesis and cover-song transformations, while preserving audio quality. Experimental results show that MusicMark outperforms existing post-hoc approaches in both robustness and fidelity.
Why it matters: This work provides a significant advance in ensuring reliable provenance and attribution for AI-generated music, addressing a growing need as such content becomes more widespread.
Jul 14, 2026