Exploring Potential Prompt Injection Attacks in Federated Military LLMs and Their Mitigation

Jinu Gong; Joonhyuk Kang; Taehyun Park; Youngjoon Lee; Yunho Lee

arxiv: 2501.18416 · v2 · submitted 2025-01-30 · 💻 cs.LG

Exploring Potential Prompt Injection Attacks in Federated Military LLMs and Their Mitigation

Youngjoon Lee , Taehyun Park , Yunho Lee , Jinu Gong , Joonhyuk Kang This is my paper

Pith reviewed 2026-05-23 04:35 UTC · model grok-4.3

classification 💻 cs.LG

keywords prompt injectionfederated learningmilitary LLMsdata leakagemisinformationred teamingAI securitypolicy countermeasures

0 comments

The pith

Prompt injection attacks can leak secrets, enable free-riding, disrupt systems and spread misinformation in federated military LLMs.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

This perspective paper argues that prompt injection poses new threats to federated learning setups used for military LLMs among allies while preserving data sovereignty. It identifies four specific vulnerabilities that could compromise operational security, decision-making and trust. The authors propose a human-AI collaborative framework that combines technical measures like red/blue team wargaming with policy measures like joint development of security protocols. A sympathetic reader would care because these systems aim to enable collaboration without sharing raw data, yet the attacks could erode that foundation if unaddressed.

Core claim

The paper claims that federated military LLMs face four vulnerabilities from prompt injection: secret data leakage, free-rider exploitation, system disruption, and misinformation spread. These risks can be addressed by a human-AI collaborative framework that uses red/blue team wargaming and quality assurance on the technical side along with joint AI-human policy development and verification of security protocols on the policy side.

What carries the argument

The human-AI collaborative framework that applies red/blue team wargaming and quality assurance to detect adversarial behaviors in shared LLM weights while promoting joint policy development and security protocol verification.

Load-bearing premise

The four listed vulnerabilities are realistic in federated military LLM settings and can be effectively detected and mitigated by the proposed combination of red/blue team wargaming and joint policy development.

What would settle it

Running a controlled prompt injection test on a simulated federated military LLM that results in secret data leakage or misinformation spread despite applying the red/blue team wargaming and policy measures would show the framework fails to address the risks.

Figures

Figures reproduced from arXiv: 2501.18416 by Jinu Gong, Joonhyuk Kang, Taehyun Park, Youngjoon Lee, Yunho Lee.

**Figure 2.** Figure 2: Illustration of four key FL advantages: privacy preser [PITH_FULL_IMAGE:figures/full_fig_p002_2.png] view at source ↗

**Figure 3.** Figure 3: Illustration of four potential attack scenarios in military FL environments: (a) Secret data extraction attack, where [PITH_FULL_IMAGE:figures/full_fig_p003_3.png] view at source ↗

**Figure 4.** Figure 4: Proposed human-AI collaborative countermeasure frameworks for protecting federated military LLMs: (a) Technical [PITH_FULL_IMAGE:figures/full_fig_p004_4.png] view at source ↗

read the original abstract

Federated Learning (FL) is increasingly being adopted in military collaborations to develop Large Language Models (LLMs) while preserving data sovereignty. However, prompt injection attacks-malicious manipulations of input prompts-pose new threats that may undermine operational security, disrupt decision-making, and erode trust among allies. This perspective paper highlights four vulnerabilities in federated military LLMs: secret data leakage, free-rider exploitation, system disruption, and misinformation spread. To address these risks, we propose a human-AI collaborative framework with both technical and policy countermeasures. On the technical side, our framework uses red/blue team wargaming and quality assurance to detect and mitigate adversarial behaviors of shared LLM weights. On the policy side, it promotes joint AI-human policy development and verification of security protocols.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Desk Editor's Note private letter to a colleague

This is a perspective piece that names four prompt-injection vulnerabilities in federated military LLMs but supplies no mechanism, example, or evidence linking injected prompts to those outcomes under weight-only sharing.

read the letter

The core takeaway is that the paper asserts prompt injection creates secret data leakage, free-rider exploitation, system disruption, and misinformation spread in military federated LLMs, then proposes red/blue-team wargaming and joint policy work as fixes, all without any supporting detail. It is a short perspective note, not a technical contribution. The application to allied military LLM development is a reasonable domain to flag, since federated setups are chosen precisely to keep raw data local while still sharing models. That intersection with known prompt-injection risks is worth noting for policy readers. Beyond that, the paper adds nothing new. The vulnerabilities are described at the level of bullet points with no attack construction, data-flow sketch, or even informal scenario showing how a malicious prompt would produce the claimed effects when only weights move between parties. The mitigation framework is likewise named rather than specified—no interface, protocol, or verification step is given. The stress-test concern holds: the central claims rest on assertion alone, so the argument does not stand up on its own terms. This is for defense-policy or military-AI readers who want a quick list of possible concerns rather than analysis or data. A technical audience or anyone needing reproducible evidence gets no value. I would not bring it to a reading group or cite it. It does not deserve peer review because there is no technical content or empirical grounding to evaluate.

Referee Report

2 major / 1 minor

Summary. This perspective paper claims that prompt injection attacks pose new threats to federated military LLMs by undermining operational security, disrupting decision-making, and eroding trust among allies. It identifies four specific vulnerabilities—secret data leakage, free-rider exploitation, system disruption, and misinformation spread—and proposes a human-AI collaborative framework combining technical countermeasures (red/blue team wargaming and quality assurance on shared LLM weights) with policy measures (joint AI-human policy development and security protocol verification).

Significance. If substantiated, the work could raise awareness of security risks in military federated LLM deployments. However, as a purely perspective piece with no mechanisms, examples, experiments, or references demonstrating how the asserted vulnerabilities arise under federated weight-sharing threat models, it offers no new technical insights, falsifiable predictions, or validated mitigations.

major comments (2)

[Abstract] Abstract: The four vulnerabilities (secret data leakage, free-rider exploitation, system disruption, misinformation spread) are asserted without any attack construction, data-flow description, informal example, or reference showing how an injected prompt produces these outcomes when only model weights—not raw data—are exchanged in federated learning.
[Full text (framework section)] Proposed framework description: The technical countermeasures (red/blue team wargaming, quality assurance) and policy countermeasures (joint policy development, verification of security protocols) are named at a high level only, with no interface, protocol, verification step, or implementation detail provided that would allow assessment of their feasibility or effectiveness against the claimed threats.

minor comments (1)

The manuscript would benefit from citing existing literature on prompt injection attacks in LLMs and security issues in federated learning to ground the perspective.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the detailed review of our perspective paper. We acknowledge that the work is positioned as a perspective piece rather than an empirical study and address the major comments below by clarifying the paper's intent while agreeing to strengthen illustrative content where feasible.

read point-by-point responses

Referee: [Abstract] Abstract: The four vulnerabilities (secret data leakage, free-rider exploitation, system disruption, misinformation spread) are asserted without any attack construction, data-flow description, informal example, or reference showing how an injected prompt produces these outcomes when only model weights—not raw data—are exchanged in federated learning.

Authors: As a perspective paper, the manuscript identifies potential risks through logical analysis of prompt injection in federated military LLM settings rather than constructing or validating specific attacks. We agree that the absence of even brief informal examples limits clarity on how these outcomes could occur under weight-sharing threat models. We will revise the abstract and body to incorporate short illustrative scenarios for each vulnerability, grounded in the federated learning data flow, without adding experiments. revision: yes
Referee: [Full text (framework section)] Proposed framework description: The technical countermeasures (red/blue team wargaming, quality assurance) and policy countermeasures (joint policy development, verification of security protocols) are named at a high level only, with no interface, protocol, verification step, or implementation detail provided that would allow assessment of their feasibility or effectiveness against the claimed threats.

Authors: The framework is intentionally outlined at a conceptual level to propose a human-AI collaborative direction. We accept that greater specificity would aid assessment. In revision, we will expand the framework section with high-level steps and interfaces for red/blue team wargaming, quality assurance on shared weights, and joint policy development processes, while noting these remain proposals for future detailed work. revision: yes

Circularity Check

0 steps flagged

No circularity: perspective paper contains no derivations, equations, or fitted results

full rationale

The manuscript is explicitly a perspective paper that asserts four vulnerabilities and proposes high-level countermeasures without any equations, parameter fitting, self-citations used as load-bearing uniqueness theorems, or derivation steps. No load-bearing claim reduces to its own inputs by construction because no derivation chain exists. The central assertions stand or fall on external evidence and plausibility arguments, not on internal self-definition or renaming. This is the expected non-finding for a non-technical perspective piece.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

Perspective paper with no mathematical content, data analysis, or formal claims; no free parameters, axioms, or invented entities are introduced.

pith-pipeline@v0.9.0 · 5667 in / 1024 out tokens · 37396 ms · 2026-05-23T04:35:02.854204+00:00 · methodology

discussion (0)

Forward citations

Cited by 1 Pith paper

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

If you're waiting for a sign... that might not be it! Mitigating Trust Boundary Confusion from Visual Injections on Vision-Language Agentic Systems
cs.CV 2026-04 unverdicted novelty 6.0

LVLM-based agents exhibit trust boundary confusion with visual injections and a multi-agent defense separating perception from decision-making reduces misleading responses while preserving correct ones.

Reference graph

Works this paper leans on

29 extracted references · 29 canonical work pages · cited by 1 Pith paper · 1 internal anchor

[1]

Neuro-symbolic ai for military applica- tions,

D. H. Hagos and D. B. Rawat, “Neuro-symbolic ai for military applica- tions,”IEEE Trans. Artif. Intell., vol. 5, no. 12, pp. 6012–6026, 2024

work page 2024
[2]

Communication-efficient learning of deep networks from decentralized data,

B. McMahan, E. Moore, D. Ramage, S. Hampson, and B. A. y Arcas, “Communication-efficient learning of deep networks from decentralized data,” inProc. AISTAT, Fort Lauderdale, United States, Apr. 2017

work page 2017
[3]

The future of large language model pre-training is federated,

L. Sani, A. Iacob, Z. Cao, B. Marino, Y . Gao, T. Paulik, W. Zhao, W. F. Shen, P. Aleksandrov, X. Qiu, and N. D. Lane, “The future of large language model pre-training is federated,” inProc. FL@FM-NeurIPS, Vancouver, Canada, Dec. 2024

work page 2024
[4]

Worldwide federated training of language models,

A. Iacob, L. Sani, B. Marino, P. Aleksandrov, W. F. Shen, and N. D. Lane, “Worldwide federated training of language models,” inProc. FL@FM-NeurIPS, Vancouver, Canada, Dec. 2024

work page 2024
[5]

Federated learning: Challenges, methods, and future directions,

T. Li, A. K. Sahu, A. Talwalkar, and V . Smith, “Federated learning: Challenges, methods, and future directions,”IEEE Signal Process. Mag., vol. 37, no. 3, pp. 50–60, 2020

work page 2020
[6]

Accelerated federated learning via greedy aggregation,

Y . Lee, S. Park, J.-H. Ahn, and J. Kang, “Accelerated federated learning via greedy aggregation,”IEEE Commun. Lett., vol. 26, no. 12, pp. 2919– 2923, 2022

work page 2022
[7]

Vulnerabilities of foundation model integrated federated learning under adversarial threats,

C. Wu, X. Li, and J. Wang, “Vulnerabilities of foundation model integrated federated learning under adversarial threats,”arXiv preprint arXiv:2401.10375, 2024

work page arXiv 2024
[8]

Security and privacy challenges of large language models: A survey,

B. C. Das, M. H. Amini, and Y . Wu, “Security and privacy challenges of large language models: A survey,”ACM Comput. Surv., 2025 (ac- cepeted)

work page 2025
[9]

real attackers don’t compute gradients: bridging the gap between adversarial ml research and practice,

G. Apruzzese, H. S. Anderson, S. Dambra, D. Freeman, F. Pierazzi, and K. Roundy, “real attackers don’t compute gradients: bridging the gap between adversarial ml research and practice,” inProc. IEEE SaTML, North Hills Raleig, United States, Feb. 2023

work page 2023
[10]

Not what you’ve signed up for: Compromising real-world llm-integrated applications with indirect prompt injection,

K. Greshake, S. Abdelnabi, S. Mishra, C. Endres, T. Holz, and M. Fritz, “Not what you’ve signed up for: Compromising real-world llm-integrated applications with indirect prompt injection,” inProc. ACM AISec, Copenhagen, Denmark, Nov. 2023

work page 2023
[11]

Emerging safety attack and defense in federated instruction tuning of large language models,

R. Ye, J. Chai, X. Liu, Y . Yang, Y . Wang, and S. Chen, “Emerging safety attack and defense in federated instruction tuning of large language models,” inProc. FL@FM-NeurIPS, Vancouver, Canada, Dec. 2024

work page 2024
[12]

The Rise and Potential of Large Language Model Based Agents: A Survey

Z. Xi, W. Chen, X. Guo, W. He, Y . Ding, B. Hong, M. Zhang, J. Wang, S. Jin, E. Zhouet al., “The rise and potential of large language model based agents: A survey,”arXiv preprint arXiv:2309.07864, 2023

work page internal anchor Pith review Pith/arXiv arXiv 2023
[13]

Federated learning challenges and opportunities: An outlook,

J. Ding, E. Tramel, A. K. Sahu, S. Wu, S. Avestimehr, and T. Zhang, “Federated learning challenges and opportunities: An outlook,” inProc. IEEE ICASSP, Marina Bay, Singapore, May 2022

work page 2022
[14]

Federated machine learning for multi- domain operations at the tactical edge,

G. Cirincione and D. Verma, “Federated machine learning for multi- domain operations at the tactical edge,” inArtificial intelligence and machine learning for multi-domain operations applications, vol. 11006. SPIE, 2019, pp. 29–48

work page 2019
[15]

Data, analytics, and artificial intelligence adoption strategy: Accelerating decision advantage,

K. Hicks, “Data, analytics, and artificial intelligence adoption strategy: Accelerating decision advantage,” June 2023

work page 2023
[16]

Kairouz and H

P. Kairouz and H. McMahan,Advances and Open Problems in Federated Learning, ser. Found. Trends Mach. Learn. Now Publishers, 2021, vol. 14

work page 2021
[17]

A survey on large language model (llm) security and privacy: The good, the bad, and the ugly,

Y . Yao, J. Duan, K. Xu, Y . Cai, Z. Sun, and Y . Zhang, “A survey on large language model (llm) security and privacy: The good, the bad, and the ugly,”High-Confid. Comput., 2024

work page 2024
[18]

Poisonprompt: Backdoor attack on prompt- based large language models,

H. Yao, J. Lou, and Z. Qin, “Poisonprompt: Backdoor attack on prompt- based large language models,” inProc. IEEE ICASSP, Seoul, South Korea, Apr. 2024

work page 2024
[19]

On protecting the data privacy of large language models (llms): A survey,

B. Yan, K. Li, M. Xu, Y . Dong, Y . Zhang, Z. Ren, and X. Cheng, “On protecting the data privacy of large language models (llms): A survey,” arXiv preprint arXiv:2403.05156, 2024

work page arXiv 2024
[20]

A survey of backdoor attacks and defenses on large language models: Implications for security measures,

S. Zhao, M. Jia, Z. Guo, L. Gan, X. Xu, X. Wu, J. Fu, Y . Feng, F. Pan, and L. A. Tuan, “A survey of backdoor attacks and defenses on large language models: Implications for security measures,”arXiv preprint arXiv:2406.06852, 2024

work page arXiv 2024
[21]

K., Wen, Y ., Zhang, Y ., and Yin, C

B. Peng, Z. Bi, Q. Niu, M. Liu, P. Feng, T. Wang, L. K. Yan, Y . Wen, Y . Zhang, and C. H. Yin, “Jailbreaking and mitigation of vulnerabilities in large language models,”arXiv preprint arXiv:2410.15236, 2024

work page arXiv 2024
[22]

Universal vulnerabili- ties in large language models: Backdoor attacks for in-context learning,

S. Zhao, M. Jia, L. A. Tuan, F. Pan, and J. Wen, “Universal vulnerabili- ties in large language models: Backdoor attacks for in-context learning,” arXiv preprint arXiv:2401.05949, 2024

work page arXiv 2024
[23]

Security policy generation and verification through large language models: A proposal,

F. Martinelli, F. Mercaldo, L. Petrillo, and A. Santone, “Security policy generation and verification through large language models: A proposal,” inProc. ACM CODASPY, Porto, Portugal, June 2024

work page 2024
[24]

A proposal for trustworthy artificial intelligence,

G. Ciaramella, F. Martinelli, F. Mercaldo, and A. Santone, “A proposal for trustworthy artificial intelligence,” inProc. IEEE BigData, Sorrento, Italy, Dec. 2023

work page 2023
[25]

Beyond the hype: Toward a concrete adoption of the fair and responsible use of ai,

L. Campanile, R. De Fazio, M. Di Giovanni, and F. Marulli, “Beyond the hype: Toward a concrete adoption of the fair and responsible use of ai,” 2024

work page 2024
[26]

Zero knowledge proofs of identity,

U. Fiege, A. Fiat, and A. Shamir, “Zero knowledge proofs of identity,” inProc. ACM STOC, New York, Unites States, Jan. 1987

work page 1987
[27]

Federated learning with differential privacy: Algorithms and performance analysis,

K. Wei, J. Li, M. Ding, C. Ma, H. H. Yang, F. Farokhi, S. Jin, T. Q. Quek, and H. V . Poor, “Federated learning with differential privacy: Algorithms and performance analysis,”IEEE Trans. Inf. Forensics Secur., vol. 15, pp. 3454–3469, 2020

work page 2020
[28]

X. Yi, R. Paulet, E. Bertino, X. Yi, R. Paulet, and E. Bertino,Homo- morphic encryption. Springer, 2014

work page 2014
[29]

Blockchain,

M. Nofer, P. Gomber, O. Hinz, and D. Schiereck, “Blockchain,”Bus. Inf. Syst. Eng., vol. 59, pp. 183–187, 2017

work page 2017

[1] [1]

Neuro-symbolic ai for military applica- tions,

D. H. Hagos and D. B. Rawat, “Neuro-symbolic ai for military applica- tions,”IEEE Trans. Artif. Intell., vol. 5, no. 12, pp. 6012–6026, 2024

work page 2024

[2] [2]

Communication-efficient learning of deep networks from decentralized data,

B. McMahan, E. Moore, D. Ramage, S. Hampson, and B. A. y Arcas, “Communication-efficient learning of deep networks from decentralized data,” inProc. AISTAT, Fort Lauderdale, United States, Apr. 2017

work page 2017

[3] [3]

The future of large language model pre-training is federated,

L. Sani, A. Iacob, Z. Cao, B. Marino, Y . Gao, T. Paulik, W. Zhao, W. F. Shen, P. Aleksandrov, X. Qiu, and N. D. Lane, “The future of large language model pre-training is federated,” inProc. FL@FM-NeurIPS, Vancouver, Canada, Dec. 2024

work page 2024

[4] [4]

Worldwide federated training of language models,

A. Iacob, L. Sani, B. Marino, P. Aleksandrov, W. F. Shen, and N. D. Lane, “Worldwide federated training of language models,” inProc. FL@FM-NeurIPS, Vancouver, Canada, Dec. 2024

work page 2024

[5] [5]

Federated learning: Challenges, methods, and future directions,

T. Li, A. K. Sahu, A. Talwalkar, and V . Smith, “Federated learning: Challenges, methods, and future directions,”IEEE Signal Process. Mag., vol. 37, no. 3, pp. 50–60, 2020

work page 2020

[6] [6]

Accelerated federated learning via greedy aggregation,

Y . Lee, S. Park, J.-H. Ahn, and J. Kang, “Accelerated federated learning via greedy aggregation,”IEEE Commun. Lett., vol. 26, no. 12, pp. 2919– 2923, 2022

work page 2022

[7] [7]

Vulnerabilities of foundation model integrated federated learning under adversarial threats,

C. Wu, X. Li, and J. Wang, “Vulnerabilities of foundation model integrated federated learning under adversarial threats,”arXiv preprint arXiv:2401.10375, 2024

work page arXiv 2024

[8] [8]

Security and privacy challenges of large language models: A survey,

B. C. Das, M. H. Amini, and Y . Wu, “Security and privacy challenges of large language models: A survey,”ACM Comput. Surv., 2025 (ac- cepeted)

work page 2025

[9] [9]

real attackers don’t compute gradients: bridging the gap between adversarial ml research and practice,

G. Apruzzese, H. S. Anderson, S. Dambra, D. Freeman, F. Pierazzi, and K. Roundy, “real attackers don’t compute gradients: bridging the gap between adversarial ml research and practice,” inProc. IEEE SaTML, North Hills Raleig, United States, Feb. 2023

work page 2023

[10] [10]

Not what you’ve signed up for: Compromising real-world llm-integrated applications with indirect prompt injection,

K. Greshake, S. Abdelnabi, S. Mishra, C. Endres, T. Holz, and M. Fritz, “Not what you’ve signed up for: Compromising real-world llm-integrated applications with indirect prompt injection,” inProc. ACM AISec, Copenhagen, Denmark, Nov. 2023

work page 2023

[11] [11]

Emerging safety attack and defense in federated instruction tuning of large language models,

R. Ye, J. Chai, X. Liu, Y . Yang, Y . Wang, and S. Chen, “Emerging safety attack and defense in federated instruction tuning of large language models,” inProc. FL@FM-NeurIPS, Vancouver, Canada, Dec. 2024

work page 2024

[12] [12]

The Rise and Potential of Large Language Model Based Agents: A Survey

Z. Xi, W. Chen, X. Guo, W. He, Y . Ding, B. Hong, M. Zhang, J. Wang, S. Jin, E. Zhouet al., “The rise and potential of large language model based agents: A survey,”arXiv preprint arXiv:2309.07864, 2023

work page internal anchor Pith review Pith/arXiv arXiv 2023

[13] [13]

Federated learning challenges and opportunities: An outlook,

J. Ding, E. Tramel, A. K. Sahu, S. Wu, S. Avestimehr, and T. Zhang, “Federated learning challenges and opportunities: An outlook,” inProc. IEEE ICASSP, Marina Bay, Singapore, May 2022

work page 2022

[14] [14]

Federated machine learning for multi- domain operations at the tactical edge,

G. Cirincione and D. Verma, “Federated machine learning for multi- domain operations at the tactical edge,” inArtificial intelligence and machine learning for multi-domain operations applications, vol. 11006. SPIE, 2019, pp. 29–48

work page 2019

[15] [15]

Data, analytics, and artificial intelligence adoption strategy: Accelerating decision advantage,

K. Hicks, “Data, analytics, and artificial intelligence adoption strategy: Accelerating decision advantage,” June 2023

work page 2023

[16] [16]

Kairouz and H

P. Kairouz and H. McMahan,Advances and Open Problems in Federated Learning, ser. Found. Trends Mach. Learn. Now Publishers, 2021, vol. 14

work page 2021

[17] [17]

A survey on large language model (llm) security and privacy: The good, the bad, and the ugly,

Y . Yao, J. Duan, K. Xu, Y . Cai, Z. Sun, and Y . Zhang, “A survey on large language model (llm) security and privacy: The good, the bad, and the ugly,”High-Confid. Comput., 2024

work page 2024

[18] [18]

Poisonprompt: Backdoor attack on prompt- based large language models,

H. Yao, J. Lou, and Z. Qin, “Poisonprompt: Backdoor attack on prompt- based large language models,” inProc. IEEE ICASSP, Seoul, South Korea, Apr. 2024

work page 2024

[19] [19]

On protecting the data privacy of large language models (llms): A survey,

B. Yan, K. Li, M. Xu, Y . Dong, Y . Zhang, Z. Ren, and X. Cheng, “On protecting the data privacy of large language models (llms): A survey,” arXiv preprint arXiv:2403.05156, 2024

work page arXiv 2024

[20] [20]

A survey of backdoor attacks and defenses on large language models: Implications for security measures,

S. Zhao, M. Jia, Z. Guo, L. Gan, X. Xu, X. Wu, J. Fu, Y . Feng, F. Pan, and L. A. Tuan, “A survey of backdoor attacks and defenses on large language models: Implications for security measures,”arXiv preprint arXiv:2406.06852, 2024

work page arXiv 2024

[21] [21]

K., Wen, Y ., Zhang, Y ., and Yin, C

B. Peng, Z. Bi, Q. Niu, M. Liu, P. Feng, T. Wang, L. K. Yan, Y . Wen, Y . Zhang, and C. H. Yin, “Jailbreaking and mitigation of vulnerabilities in large language models,”arXiv preprint arXiv:2410.15236, 2024

work page arXiv 2024

[22] [22]

Universal vulnerabili- ties in large language models: Backdoor attacks for in-context learning,

S. Zhao, M. Jia, L. A. Tuan, F. Pan, and J. Wen, “Universal vulnerabili- ties in large language models: Backdoor attacks for in-context learning,” arXiv preprint arXiv:2401.05949, 2024

work page arXiv 2024

[23] [23]

Security policy generation and verification through large language models: A proposal,

F. Martinelli, F. Mercaldo, L. Petrillo, and A. Santone, “Security policy generation and verification through large language models: A proposal,” inProc. ACM CODASPY, Porto, Portugal, June 2024

work page 2024

[24] [24]

A proposal for trustworthy artificial intelligence,

G. Ciaramella, F. Martinelli, F. Mercaldo, and A. Santone, “A proposal for trustworthy artificial intelligence,” inProc. IEEE BigData, Sorrento, Italy, Dec. 2023

work page 2023

[25] [25]

Beyond the hype: Toward a concrete adoption of the fair and responsible use of ai,

L. Campanile, R. De Fazio, M. Di Giovanni, and F. Marulli, “Beyond the hype: Toward a concrete adoption of the fair and responsible use of ai,” 2024

work page 2024

[26] [26]

Zero knowledge proofs of identity,

U. Fiege, A. Fiat, and A. Shamir, “Zero knowledge proofs of identity,” inProc. ACM STOC, New York, Unites States, Jan. 1987

work page 1987

[27] [27]

Federated learning with differential privacy: Algorithms and performance analysis,

K. Wei, J. Li, M. Ding, C. Ma, H. H. Yang, F. Farokhi, S. Jin, T. Q. Quek, and H. V . Poor, “Federated learning with differential privacy: Algorithms and performance analysis,”IEEE Trans. Inf. Forensics Secur., vol. 15, pp. 3454–3469, 2020

work page 2020

[28] [28]

X. Yi, R. Paulet, E. Bertino, X. Yi, R. Paulet, and E. Bertino,Homo- morphic encryption. Springer, 2014

work page 2014

[29] [29]

Blockchain,

M. Nofer, P. Gomber, O. Hinz, and D. Schiereck, “Blockchain,”Bus. Inf. Syst. Eng., vol. 59, pp. 183–187, 2017

work page 2017