ML Security PapersDAMASHA: Detecting AI in Mixed Adversarial Texts via Segmentation with Human-interpretable Attribution
L. D. M. S. Sai Teja 1, N. Siva Gopala Krishna 2, Ufaq Khan 3, Muhammad Haris Khan 3, Atul Mishra 2
Published on arXiv
2512.04838
Output Integrity Attack
OWASP ML Top 10 — ML09
Input Manipulation Attack
OWASP ML Top 10 — ML01
Key Finding
Info-Mask significantly improves span-level robustness under adversarial conditions across multiple architectures, establishing new baselines for mixed human-AI authorship detection under adversarial perturbation
Info-Mask
Novel technique introduced
In the age of advanced large language models (LLMs), the boundaries between human and AI-generated text are becoming increasingly blurred. We address the challenge of segmenting mixed-authorship text, that is identifying transition points in text where authorship shifts from human to AI or vice-versa, a problem with critical implications for authenticity, trust, and human oversight. We introduce a novel framework, called Info-Mask for mixed authorship detection that integrates stylometric cues, perplexity-driven signals, and structured boundary modeling to accurately segment collaborative human-AI content. To evaluate the robustness of our system against adversarial perturbations, we construct and release an adversarial benchmark dataset Mixed-text Adversarial setting for Segmentation (MAS), designed to probe the limits of existing detectors. Beyond segmentation accuracy, we introduce Human-Interpretable Attribution (HIA overlays that highlight how stylometric features inform boundary predictions, and we conduct a small-scale human study assessing their usefulness. Across multiple architectures, Info-Mask significantly improves span-level robustness under adversarial conditions, establishing new baselines while revealing remaining challenges. Our findings highlight both the promise and limitations of adversarially robust, interpretable mixed-authorship detection, with implications for trust and oversight in human-AI co-authorship.
Key Contributions
- Info-Mask framework integrating stylometric cues, perplexity-driven signals, and structured boundary modeling for adversarially robust mixed-authorship text segmentation
- MAS adversarial benchmark dataset for evaluating AI text detector robustness against NLP-level evasion attacks (word/character substitution, paraphrasing)
- Human-Interpretable Attribution (HIA) overlays that surface stylometric features driving boundary predictions, validated in a human study
🛡️ Threat Analysis
Constructs the MAS adversarial benchmark using text-level evasion attacks (word substitution, paraphrasing via BAE, HotFlip, etc.) targeting the AI content detector at inference time, and Info-Mask explicitly defends against these adversarial perturbations.
Primary contribution is a novel framework (Info-Mask) for detecting AI-generated content in mixed-authorship text, directly targeting output integrity and AI content authenticity/provenance.