{"total":15,"items":[{"citing_arxiv_id":"2607.00325","ref_index":3,"ref_count":1,"confidence":0.9,"is_internal_anchor":false,"paper_title":"Watermarking for Proprietary Dataset Protection","primary_cat":"cs.LG","submitted_at":"2026-07-01T01:55:14+00:00","verdict":"UNVERDICTED","verdict_confidence":"LOW","novelty_score":5.0,"formal_verification":"none","one_line_summary":"Watermark-based dataset inference achieves membership detection performance comparable to loss-based methods when subset exposure is high, under alternate assumptions.","context_count":0,"top_context_role":null,"top_context_polarity":null,"context_text":null},{"citing_arxiv_id":"2606.28479","ref_index":15,"ref_count":1,"confidence":0.9,"is_internal_anchor":false,"paper_title":"Decomposing Memorization Reduction in Privacy-Preserving Fine-Tuning of SLMs for CSIRTs","primary_cat":"cs.CR","submitted_at":"2026-06-26T17:35:17+00:00","verdict":"UNVERDICTED","verdict_confidence":"LOW","novelty_score":6.0,"formal_verification":"none","one_line_summary":"Controlled experiments across 96 LoRA adapters show that reduced optimizer updates explain nearly all observed memorization drops in DP-SGD fine-tuning, HMAC pseudonymization cuts exposure 40-61% without creating new targets, and 1-3B models achieve only 0.19-0.28 F1 under the tested budget.","context_count":0,"top_context_role":null,"top_context_polarity":null,"context_text":null},{"citing_arxiv_id":"2606.10091","ref_index":28,"ref_count":1,"confidence":0.9,"is_internal_anchor":false,"paper_title":"SoK: Colluding Adversaries in Machine Learning Pipelines","primary_cat":"cs.CR","submitted_at":"2026-06-08T19:16:58+00:00","verdict":"UNVERDICTED","verdict_confidence":"LOW","novelty_score":7.0,"formal_verification":"none","one_line_summary":"The paper introduces a framework for collusion between train- and inference-time adversaries in ML pipelines, proposes a guideline for conjecturing collusion potential, explains prior work, and empirically validates five 
cases.","context_count":0,"top_context_role":null,"top_context_polarity":null,"context_text":null},{"citing_arxiv_id":"2606.06946","ref_index":36,"ref_count":1,"confidence":0.9,"is_internal_anchor":false,"paper_title":"Auditing Training Data in Domain-adapted LLMs: LoRA-MINT","primary_cat":"cs.CL","submitted_at":"2026-06-05T06:19:03+00:00","verdict":"UNVERDICTED","verdict_confidence":"LOW","novelty_score":5.0,"formal_verification":"none","one_line_summary":"LoRA-MINT uses perplexity to perform membership inference on LoRA-fine-tuned LLMs, reporting 0.77-0.92 precision across four models and three datasets while outperforming baselines.","context_count":0,"top_context_role":null,"top_context_polarity":null,"context_text":null},{"citing_arxiv_id":"2605.29202","ref_index":9,"ref_count":1,"confidence":0.9,"is_internal_anchor":false,"paper_title":"Auditing Training Data in Generative Music Models via Black-Box Membership Inference","primary_cat":"cs.LG","submitted_at":"2026-05-28T00:28:22+00:00","verdict":"UNVERDICTED","verdict_confidence":"LOW","novelty_score":6.0,"formal_verification":"none","one_line_summary":"Black-box membership inference on text-to-music models reaches up to 98.6% accuracy by training an auditor on semantic alignment patterns extracted from shadow-model generations.","context_count":0,"top_context_role":null,"top_context_polarity":null,"context_text":null},{"citing_arxiv_id":"2605.27825","ref_index":7,"ref_count":1,"confidence":0.9,"is_internal_anchor":false,"paper_title":"MRMMIA: Membership Inference Attacks on Memory in Chat Agents","primary_cat":"cs.CR","submitted_at":"2026-05-27T01:31:40+00:00","verdict":"UNVERDICTED","verdict_confidence":"LOW","novelty_score":7.0,"formal_verification":"none","one_line_summary":"MRMMIA is a multi-recall-probe membership inference attack that extracts signals from chat agent memory and outperforms baselines in black-, gray-, and white-box 
settings.","context_count":0,"top_context_role":null,"top_context_polarity":null,"context_text":null},{"citing_arxiv_id":"2605.24079","ref_index":14,"ref_count":1,"confidence":0.9,"is_internal_anchor":false,"paper_title":"TRACER: A Semantic-Aware Framework for Fine-Grained Contamination Detection in Code LLMs","primary_cat":"cs.SE","submitted_at":"2026-05-22T17:30:20+00:00","verdict":"UNVERDICTED","verdict_confidence":"UNKNOWN","novelty_score":6.0,"formal_verification":"none","one_line_summary":"TRACER presents a semantic-aware framework and the first benchmark for fine-grained code contamination detection across three levels of overlap, reporting F1 scores of 0.91-0.92 and large gains over prior methods.","context_count":0,"top_context_role":null,"top_context_polarity":null,"context_text":null},{"citing_arxiv_id":"2605.16776","ref_index":88,"ref_count":1,"confidence":0.9,"is_internal_anchor":false,"paper_title":"Distinguishable Deletion: Unifying Knowledge Erasure and Refusal for Large Language Model Unlearning","primary_cat":"cs.LG","submitted_at":"2026-05-16T03:15:35+00:00","verdict":"UNVERDICTED","verdict_confidence":"LOW","novelty_score":6.0,"formal_verification":"none","one_line_summary":"Distinguishable Deletion unifies knowledge erasure and refusal for LLM unlearning via an energy index that enforces boundaries during training and enables refusal at inference.","context_count":0,"top_context_role":null,"top_context_polarity":null,"context_text":null},{"citing_arxiv_id":"2605.12574","ref_index":21,"ref_count":1,"confidence":0.9,"is_internal_anchor":false,"paper_title":"DistractMIA: Black-Box Membership Inference on Vision-Language Models via Semantic Distraction","primary_cat":"cs.CV","submitted_at":"2026-05-12T12:04:11+00:00","verdict":"UNVERDICTED","verdict_confidence":"LOW","novelty_score":7.0,"formal_verification":"none","one_line_summary":"DistractMIA performs output-only black-box membership inference on vision-language models by inserting semantic 
distractors and measuring shifts in generated text responses.","context_count":0,"top_context_role":null,"top_context_polarity":null,"context_text":null},{"citing_arxiv_id":"2605.07878","ref_index":9,"ref_count":1,"confidence":0.9,"is_internal_anchor":false,"paper_title":"Black-box model classification under the discriminative factorization","primary_cat":"cs.LG","submitted_at":"2026-05-08T15:32:35+00:00","verdict":"UNVERDICTED","verdict_confidence":"LOW","novelty_score":6.0,"formal_verification":"none","one_line_summary":"Discriminative factorization distinguishes high-quality query sets for black-box model classification, with chance-level error decaying exponentially in query budget and parameters predicting empirical decay rates on auditing tasks.","context_count":1,"top_context_role":"background","top_context_polarity":"background","context_text":"[7] Nan Chen, Hayden Helm, Youngser Park, Carey Priebe, and Soledad Villar. Extracting information from fine-tuned weights. In Non-Euclidean Foundation Models: Advancing AI Beyond Euclidean Frameworks, 2025. URL https://openreview.net/forum?id=zjwOD3Fwrq. [8] Luc Devroye, László Györfi, and Gábor Lugosi. A Probabilistic Theory of Pattern Recognition. Springer, New York, 1996. [9] Michael Duan, Anshuman Suri, Niloofar Mireshghallah, Sewon Min, Weijia Shi, Luke Zettlemoyer, Yulia Tsvetkov, Yejin Choi, David Evans, and Hannaneh Hajishirzi. Do membership inference attacks work on large language models?, 2024. URL https://arxiv.org/abs/2402.07841. [10] Brandon Duderstadt, Hayden S. Helm, and Carey E. Priebe. 
Comparing foundation models"},{"citing_arxiv_id":"2605.06423","ref_index":12,"ref_count":1,"confidence":0.9,"is_internal_anchor":false,"paper_title":"Pop Quiz Attack: Black-box Membership Inference Attacks Against Large Language Models","primary_cat":"cs.CR","submitted_at":"2026-05-07T15:29:10+00:00","verdict":"UNVERDICTED","verdict_confidence":"LOW","novelty_score":6.0,"formal_verification":"none","one_line_summary":"PopQuiz Attack infers LLM training data membership by turning examples into quiz questions and measuring answer accuracy, reaching 0.873 average ROC-AUC across six models and outperforming prior methods by 20.6%.","context_count":0,"top_context_role":null,"top_context_polarity":null,"context_text":null},{"citing_arxiv_id":"2604.12342","ref_index":1,"ref_count":1,"confidence":0.9,"is_internal_anchor":false,"paper_title":"CoLA: A Choice Leakage Attack Framework to Expose Privacy Risks in Subset Training","primary_cat":"cs.CR","submitted_at":"2026-04-14T06:26:04+00:00","verdict":"UNVERDICTED","verdict_confidence":"LOW","novelty_score":6.0,"formal_verification":"none","one_line_summary":"CoLA reveals that subset training creates new privacy leakage surfaces via side-channel metadata and model outputs, enabling training-membership and selection-participation membership inference attacks.","context_count":0,"top_context_role":null,"top_context_polarity":null,"context_text":null},{"citing_arxiv_id":"2604.03199","ref_index":7,"ref_count":1,"confidence":0.9,"is_internal_anchor":false,"paper_title":"Learning the Signature of Memorization in Autoregressive Language Models","primary_cat":"cs.CL","submitted_at":"2026-04-03T17:17:51+00:00","verdict":"ACCEPT","verdict_confidence":"MODERATE","novelty_score":8.0,"formal_verification":"none","one_line_summary":"A classifier trained only on transformer fine-tuning data detects an invariant memorization signature that transfers to Mamba, RWKV-4, and RecurrentGemma with AUCs of 0.963, 0.972, and 
0.936.","context_count":0,"top_context_role":null,"top_context_polarity":null,"context_text":null},{"citing_arxiv_id":"2512.22753","ref_index":6,"ref_count":1,"confidence":0.9,"is_internal_anchor":false,"paper_title":"From Rookie to Expert: Manipulating LLMs for Automated Vulnerability Exploitation in Enterprise Software","primary_cat":"cs.SE","submitted_at":"2025-12-28T02:55:49+00:00","verdict":"UNVERDICTED","verdict_confidence":"LOW","novelty_score":6.0,"formal_verification":"none","one_line_summary":"RSA prompting enables LLMs to automatically create functional exploits for CVEs in Odoo ERP, succeeding on all tested cases in 3-5 rounds and removing the need for manual effort.","context_count":0,"top_context_role":null,"top_context_polarity":null,"context_text":null},{"citing_arxiv_id":"2506.06057","ref_index":11,"ref_count":1,"confidence":0.9,"is_internal_anchor":false,"paper_title":"Hey, That's My Data! Token-Only Dataset Inference in Large Language Models","primary_cat":"cs.CL","submitted_at":"2025-06-06T13:02:59+00:00","verdict":"UNVERDICTED","verdict_confidence":"LOW","novelty_score":6.0,"formal_verification":"none","one_line_summary":"CatShift detects training data membership in LLMs by comparing output shifts induced by fine-tuning on member versus non-member data, relying on catastrophic forgetting without requiring logit access.","context_count":0,"top_context_role":null,"top_context_polarity":null,"context_text":null}],"limit":50,"offset":0}