IrisFP introduces a novel adversarial-example-based framework that generates composite-sample fingerprints near the intersection of multiple decision boundaries, significantly enhancing model ownershi…

The paper introduces Compositional Semantic Fingerprinting (CSF), a black-box method that allows IP owners to attribute fine-tuned text-to-image models to their protected lineages using only query acc…

ArmSSL is a novel watermarking framework that provides robust, black-box ownership verification for self-supervised learning encoders while maintaining high utility and resisting adversarial attacks.

The paper proposes Cert-LAS, a novel certified method for verifying model ownership in text-to-image diffusion models, which is robust against malicious signal removal attacks.

The paper proposes a unified closed-loop threat taxonomy to systematically analyze and defend foundation models by explicitly framing the bidirectional security interactions between data and models.

The paper demonstrates that current AI watermark removal techniques fail to achieve true forensic stealth, as the removal process often leaves behind detectable signals that distinguish the output fro…

The paper introduces GraphIP-Bench, a unified benchmark that demonstrates that stealing Graph Neural Networks (GNNs) is relatively easy, and existing defenses often fail to maintain their integrity af…

The paper proposes SubPopMark, a novel subpopulation-driven framework that injects harmless, verifiable markers into distilled datasets to prevent copyright infringement and data leakage.

This paper surveys model forensics in AI-native wireless networks, detailing key security problems and demonstrating practical workflows for verifying model authenticity and detecting malicious functi…

The paper addresses the vulnerability of zero-knowledge proximity proofs in stateful systems by proposing Zairn-ZKP, a method that embeds operational context (like drop identity and policy version) di…

The paper proposes using hardware fingerprints instead of vulnerable cryptographic keys to enhance the security and robustness of GPU location verification for governing advanced AI development.

The paper argues that watermarking must be viewed as a monitoring primitive, introducing an observer-based threat model that shows even zero-bit watermarking can enable entity-level attribution throug…

The paper introduces a theoretically grounded evaluation framework for watermarking generative models, proposing a novel method (SSB) that allows for systematic design across all security-robustness-f…

The paper introduces DiffusionHijack, a supply-chain backdoor attack that compromises the PRNG used by diffusion models to deterministically control generated images, which is successfully mitigated b…

AttnDiff introduces a data-efficient white-box framework that extracts intrinsic attention-based fingerprints to verify the provenance and detect unauthorized derivation of large language models (LLMs…

This paper presents a novel data-free Membership Inference Attack (MIA) that uses gradient inversion on Standard Cell Library Layouts (SCLLs) to reconstruct sensitive hardware images from intercepted…

The paper introduces a novel threat model, approximate obfuscation, and proposes a framework to detect IP piracy in approximate circuits by comparing their statistical error profiles.

The paper introduces Search-Bound Proximity Proofs (SBPP) to close an authorization provenance gap in encrypted geographic search by binding zero-knowledge proofs to specific search sessions for audit…

The paper develops a formal theory to analyze how throughput changes in AI-enhanced cybersecurity pipelines when stage capacities are perturbed by multipliers.

The paper proposes W-IR, a novel watermarking framework that simultaneously achieves high certified robustness against adversarial attacks and effectively mitigates identity leakage in watermarked ima…