Cerisier is the first mechanized program logic for modular reasoning about trusted, untrusted, and attested code in capability machines, with a universal contract for untrusted code and demonstrations on secure computation and mutual attestation.
Spinning Language Models: Risks of Propaganda-As-A-Service and Countermeasures
Canonical reference. 94% of citing Pith papers cite this work as background.
Background role: 15 representative citing papers
PoisonForge benchmark shows that 1% poisoned examples achieve over 70% attack success rate on targeted tasks across 11 of 12 tested LLMs with under 0.5% leakage to non-target tasks.
A cross-modal alignment attack achieves AUC 0.821 for single-sample black-box membership inference on VLMs such as LLaVA-1.5 by measuring the similarity between an image and the caption the model generates for it.
PII can be reconstructed from SFT models via prefix attacks, with the new COVA algorithm improving success rates and leakage varying by attacker knowledge and PII type.
Zombie domain linkages persist after ownership changes in DNS integrations at rates of 3% in Web PKI, 24% in ENS, and 15% in Maven Central, with validate-once designs accumulating long-term risks while per-use validation prevents them.
Styx integrates sticky policies with TEEs to enforce data-specific rules throughout the full lifecycle in multi-party collaborative computing.
Grassroots bonds add maturity dates to local cryptocurrencies to enable lending and other instruments via enforceable digital social contracts.
SynBench benchmarks DP text generators across nine datasets and uses a new MIA to show that public pre-training on portions of private data overestimates synthetic text quality and breaks DP privacy bounds.
Flutter achieves 2Δ + ε good-case latency for Byzantine Total Order Broadcast via a new binary consensus called Blink, under partial synchrony with 5f+1 servers.
LLMs trained on simple specification gaming generalize to zero-shot reward tampering including rewriting their own reward function.
GRASP detects anomalies in system provenance graphs via self-supervised executable prediction from two-hop neighborhoods, outperforming prior PIDS on DARPA datasets by identifying all documented attacks where behaviors are learnable plus additional unlabeled suspicious activity.
EASE closes three residual anchors in federated multimodal unlearning using bilateral displacement, cosine-sine decomposition, and forget lock, achieving near-retrain performance on forget and retain data.
CuLifter recovers types from untyped GPU register files via constraint propagation to lift 99.98% of 24,437 functions across 919 cubins to valid LLVM IR.
AI peer review systems are vulnerable to prompt injections, prestige biases, assertion strength effects, and contextual poisoning, as demonstrated by a new attack taxonomy and causal experiments on real conference submissions.
VRSafe adds false positive keystrokes to VR typing data to reduce keystroke inference attack accuracy and includes an efficient malicious login detector.
BONSAI introduces a four-layer architecture and four-phase workflow for human-AI co-development of visual analytics applications, shown in case studies to enable efficient novel tool creation and reconstruction from paper descriptions.
An encoding of Solidity contracts and first-order Hennessy-Milner logic into Lustre enables Kind 2 model checking of complex temporal properties in smart contracts.
GPIR achieves up to 297 times higher throughput than prior GPU PIR systems by fusing operations in stages and using pipelined transposed layouts to cut DRAM traffic during batched lattice-based queries.
AI agents can generate code in a capability-safe Scala dialect that statically prevents information leakage and malicious side effects while preserving task performance.
TESLA recovers 2D handwriting trajectories from touchscreen EM emanations on COTS smartphones, achieving 77% character recognition accuracy and 0.74 Jaccard index under realistic conditions.
The authors built an automated toolchain that extracts symbolic models from real binaries of cryptographic protocols and analyzes them for constant-time and speculative side-channel leaks, demonstrated on WhatsApp and e-passport implementations.
Empirical comparison of alignment ablation methods on a 60-prompt security evaluation suite shows task-only LoRA achieves 0.87 mean security score with 0.13 unsafe compliance.
A longitudinal study of 46 CS students finds that configuring and using mTLS client certificates is difficult even for technical users, with only 9% understanding the security implications.
Stacking seven black-box estimators into a meta-classifier reveals persistent membership leakage in differentially private federated learning models at epsilon=200 on NIST genomics data, outperforming single-signal baselines.
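The zombie-linkage item above (stale domain bindings surviving an ownership change) contrasts two integration designs. The following is an added toy model, not code from the cited study or from any registry, that shows why a validate-once design accumulates stale bindings while per-use validation does not. The registry, domain, principals and integration id are constructed sample data; `Registry` stands in for whatever a real integration would query (RDAP/WHOIS, an ENS resolver, a DNS TXT lookup).

```python
"""
Toy model of 'zombie linkage' in DNS-based integrations: a validate-once
design versus per-use ownership checks.  Constructed illustration; the
domain name, principals and integration id are made up.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Registry:
    """Current domain -> registrant mapping (stand-in for RDAP/WHOIS or an
    ENS resolver).  transfer() models a lapse-and-reregistration or a sale."""
    owners: Dict[str, str] = field(default_factory=dict)

    def owner_of(self, domain: str) -> Optional[str]:
        return self.owners.get(domain)

    def transfer(self, domain: str, new_owner: str) -> None:
        self.owners[domain] = new_owner


@dataclass
class ValidateOnceIntegration:
    """Proves domain control when the binding is created, then trusts the
    stored (domain, principal) pair indefinitely."""
    registry: Registry
    bindings: Dict[str, Tuple[str, str]] = field(default_factory=dict)

    def bind(self, integration_id: str, domain: str, principal: str) -> bool:
        if self.registry.owner_of(domain) != principal:
            return False  # the only time the registry is consulted
        self.bindings[integration_id] = (domain, principal)
        return True

    def is_authorized(self, integration_id: str, principal: str) -> bool:
        _domain, bound_principal = self.bindings[integration_id]
        return bound_principal == principal  # stale after any transfer


@dataclass
class PerUseIntegration:
    """Stores only the domain; every use re-derives authority from the
    registry's current registrant, so a transfer takes effect immediately."""
    registry: Registry
    bindings: Dict[str, str] = field(default_factory=dict)

    def bind(self, integration_id: str, domain: str, principal: str) -> bool:
        if self.registry.owner_of(domain) != principal:
            return False
        self.bindings[integration_id] = domain
        return True

    def is_authorized(self, integration_id: str, principal: str) -> bool:
        return self.registry.owner_of(self.bindings[integration_id]) == principal


def zombie_bindings(integration: ValidateOnceIntegration) -> List[str]:
    """Audit a validate-once store: bindings whose stored principal no longer
    matches the current registrant.  These are the accumulated long-term risk."""
    return sorted(
        iid for iid, (domain, principal) in integration.bindings.items()
        if integration.registry.owner_of(domain) != principal
    )


def run_scenario() -> Dict[str, object]:
    """One ownership change; returns who each design still authorizes."""
    registry = Registry({"example.test": "alice"})  # constructed sample data
    once = ValidateOnceIntegration(registry)
    per_use = PerUseIntegration(registry)
    assert once.bind("pkg:com.example", "example.test", "alice")
    assert per_use.bind("pkg:com.example", "example.test", "alice")

    # Registration lapses and the name is picked up by someone else.
    registry.transfer("example.test", "mallory")

    return {
        "validate_once_alice": once.is_authorized("pkg:com.example", "alice"),
        "validate_once_mallory": once.is_authorized("pkg:com.example", "mallory"),
        "per_use_alice": per_use.is_authorized("pkg:com.example", "alice"),
        "per_use_mallory": per_use.is_authorized("pkg:com.example", "mallory"),
        "zombies_validate_once": zombie_bindings(once),
    }


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

After the transfer the validate-once store still authorizes the former registrant and the audit flags the binding as a zombie; the per-use design follows the registry and authorizes only the current registrant. The audit function is the check a practitioner would run against an existing validate-once store before deciding whether to re-validate or revoke.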
citing papers explorer
- REALISTA: Realistic Latent Adversarial Attacks that Elicit LLM Hallucinations
- Unlearning with Asymmetric Sources: Improved Unlearning-Utility Trade-off with Public Data
- AI Slop and the Software Commons
- Finding Memory Leaks in C/C++ Programs via Neuro-Symbolic Augmented Static Analysis
- Tuning for TraceTarnish: Techniques, Trends, and Testing Tangible Traits