The paper proposes UNSEEN, a cross-stack defense system combining AR access control, LLM unlearning, and agent guardrails to mitigate sophisticated AR-LLM social engineering attacks.
Emerging AR-LLM-based social engineering attacks (e.g., SEAR) are on the verge of posing serious threats to real-world social life. In such an AR-LLM-SE attack, the attacker can use AR (augmented reality) glasses to capture the image and voice of the target, use an LLM to identify the target and generate a social profile, and use LLM agents to apply social engineering strategies that suggest conversation moves to win the target's trust and then carry out phishing. Current defensive approaches, such as role-based access control or data flow tracking, are not directly applicable to the convergent AR-LLM ecosystem (given embedded AR devices and opaque LLM inference), leaving an emerging and potent social engineering threat that existing privacy paradigms are ill-equipped to address. This necessitates a shift beyond solely human-centric measures such as legislation and user education toward enforceable vendor policies and platform-level restrictions. Realizing this vision, however, faces significant technical challenges: securing resource-constrained AR-embedded devices, implementing fine-grained access control within opaque LLM inference, and governing adaptive interactive agents. To address these challenges, we present UNSEEN, a coordinated cross-stack defense that combines an AR ACL (Access Control Layer) for identity-gated sensing, F-RMU-based LLM unlearning for sensitive profile suppression, and runtime agent guardrails for adaptive interaction control. We evaluate UNSEEN in an IRB-approved user study with 60 participants and a dataset of 360 annotated conversations across realistic social scenarios.
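The "identity-gated sensing" idea behind the AR ACL, as an added illustration that is not UNSEEN's code: a deny-by-default consent registry sits between the on-device matcher and the LLM stages, and only detections whose subject has an unexpired consent for the requested capability are allowed through, with everything else redacted and every decision logged. The scope names, the `Consent`/`SensingACL` classes, the `demo()` scenario and the sample detections are all assumptions constructed for this example.

```python
"""Identity-gated sensing gate for an AR capture pipeline (constructed illustration).

Assumption: a face/voice matcher has already tagged each detection with an
enrolled identity (or None). This layer decides, per requested capability,
whether that detection may flow on to the LLM stages; everything else is
redacted before it leaves the device. Not UNSEEN's code.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Hypothetical capabilities an AR-LLM pipeline could request for a person.
SCOPES = {"identify", "profile", "suggest_reply"}


@dataclass
class Consent:
    identity: str
    scopes: set
    expires_at: datetime


@dataclass
class SensingACL:
    """Deny-by-default registry: no consent record means no data leaves the device."""
    consents: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)

    def grant(self, identity, scopes, now, ttl=timedelta(hours=1)):
        unknown = set(scopes) - SCOPES
        if unknown:
            raise ValueError(f"unknown scopes: {sorted(unknown)}")
        self.consents[identity] = Consent(identity, set(scopes), now + ttl)

    def revoke(self, identity):
        self.consents.pop(identity, None)

    def allowed(self, identity, scope, now):
        c = self.consents.get(identity)
        ok = c is not None and scope in c.scopes and now < c.expires_at
        # Every decision is logged so the wearer (or an auditor) can see what was requested.
        self.audit.append((now.isoformat(), identity, scope, "allow" if ok else "deny"))
        return ok

    def filter_frame(self, detections, scope, now):
        """Keep detections whose subject consented to `scope`; redact the rest.

        Redacted entries keep only the bounding box so the AR overlay can still
        render, but carry no identity for downstream profiling."""
        out = []
        for det in detections:
            ident = det.get("identity")
            if ident is not None and self.allowed(ident, scope, now):
                out.append(det)
            else:
                out.append({"identity": None, "bbox": det.get("bbox"), "redacted": True})
        return out


def demo(now=None):
    """Walk one constructed frame through the gate and report what passed."""
    now = now or datetime(2025, 1, 1, 12, 0, tzinfo=timezone.utc)
    acl = SensingACL()
    # alice consented only to being recognised, not to profiling or reply suggestion.
    acl.grant("alice", {"identify"}, now)
    # carol consented to everything, but her one-hour consent was granted two hours ago.
    acl.grant("carol", SCOPES, now - timedelta(hours=2))
    frame = [  # constructed matcher output for one captured frame
        {"identity": "alice", "bbox": (10, 10, 50, 50)},
        {"identity": "bob", "bbox": (60, 10, 100, 50)},    # never enrolled
        {"identity": "carol", "bbox": (110, 10, 150, 50)},
        {"identity": None, "bbox": (160, 10, 200, 50)},    # unmatched face
    ]
    identify = acl.filter_frame(frame, "identify", now)
    profile = acl.filter_frame(frame, "profile", now)
    return {
        "identify_passed": [d["identity"] for d in identify if not d.get("redacted")],
        "profile_passed": [d["identity"] for d in profile if not d.get("redacted")],
        "denials": sum(1 for a in acl.audit if a[3] == "deny"),
        "audit_entries": len(acl.audit),
    }


if __name__ == "__main__":
    print(demo())
```

The design choice worth noting is that the gate is keyed on the requested capability, not just on whether a person is enrolled: a subject can allow recognition for an overlay while still denying the profile-generation and reply-suggestion stages that an AR-LLM-SE attack depends on, and the audit trail records each denied request.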
Secure Forgetting: A Framework for Privacy-Driven Unlearning in Large Language Model (LLM)-Based Age…
The paper proposes a comprehensive framework for LLM-based agent unlearning, ena…
Attack by Unlearning: Unlearning-Induced Adversarial Attacks on Graph Neural Networks
This paper introduces 'unlearning corruption attacks,' demonstrating that the pe…
A Synthetic Conversational Smishing Dataset for Social Engineering Detection
The paper introduces a synthetic dataset of multi-round conversations to detect…
Estimating the Social Cost of Corporate Data Breaches
This study estimates the true social cost of corporate data breaches by quantify…
From Logic Monopoly to Social Contract: Separation of Power and the Institutional Foundations for Au…
The paper proposes replacing individual agent autonomy with a structured 'social…
Synthetic Trust Attacks: Modeling How Generative AI Manipulates Human Decisions in Social Engineerin…
The paper introduces Synthetic Trust Attacks (STAs) as a formal threat category,…
Prompt Control-Flow Integrity: A Priority-Aware Runtime Defense Against Prompt Injection in LLM Syst…
The paper introduces Prompt Control-Flow Integrity (PCFI), a priority-aware runt…
Towards Unveiling Vulnerabilities of Large Reasoning Models in Machine Unlearning
The paper proposes a novel bi-level exact unlearning attack targeting Large Reas…