The paper proposes UNSEEN, a cross-stack defense system combining AR access control, LLM unlearning, and agent guardrails to mitigate sophisticated AR-LLM social engineering attacks.

This paper introduces a dual-layer side-channel attack framework that exploits the variable workload introduced by dynamic image preprocessing in local Vision-Language Models (VLMs) to infer sensitive…

This paper demonstrates that visual phishing detectors can be completely bypassed by employing simple timing-based attacks that delay the rendering of key webpage elements.

ThermalTap presents the first passive, non-contact side-channel attack that fingerprints virtual reality (VR) applications by analyzing the long-wave infrared (LWIR) thermal radiation emitted by the h…

The paper introduces EvaluatAR, a cross-device evaluation framework that standardizes the testing of bystander Privacy-Enhancing Technologies (PETs) in Augmented Reality (AR) to enable rapid, reproduc…

The paper introduces VIPER, a novel backdoor attack framework that exploits the functional fusion of malicious and benign logic within dynamic prompt architectures, demonstrating a new, high-risk thre…

This paper systematically analyzes 48 studies on perception attacks against autonomous vehicles, revealing that the increasing reliance on multi-sensor fusion creates new, complex vulnerabilities that…

The paper demonstrates that passive motion traces recorded during a mobile selfie capture can serve as a measurable, low-friction auxiliary signal for enhancing both spoof screening and user identity…

The paper introduces a dual-dimension evaluation for universal adversarial attacks on Vision-Language Models (VLMs), demonstrating that high reported attack success rates significantly overestimate th…

SnapGuard proposes a lightweight, multimodal method to detect prompt injection attacks in screenshot-based web agents by analyzing visual stability and contrast-polarity textual signals, achieving hig…

The paper introduces TESLA, a novel, contactless electromagnetic (EM) side-channel attack that exploits inherent EM emanations from capacitive touchscreens to extract highly sensitive user data like P…

The paper introduces SADBench, a systematic benchmark designed to evaluate both the effectiveness of steganographic attacks injecting harmful content and the robustness of steganalysis defenses agains…

The paper demonstrates a coordinated, cross-modal spoofing attack that successfully deceives state-of-the-art multi-sensor fusion systems in autonomous vehicles by making multiple sensors agree on a f…

The paper introduces Multi-Clip Video (MCV) SafetyBench, a dataset demonstrating that the vulnerability of Multimodal Large Language Models (MLLMs) to jailbreaking increases with the diversity and num…

The paper introduces a synthetic dataset of multi-round conversations to detect conversational smishing, finding that XGBoost with TF-IDF features achieved the best performance (72.5% accuracy).

The paper argues that LLM agent security is fundamentally an agent-human interaction (AHI) problem, demonstrating that industry practices rely on human-centric mechanisms while academic research focus…

The paper introduces 'adversarial restlessness,' an activation-level signature in LLM residual streams, to detect multi-turn prompt injection attacks with high accuracy.

PASTA proposes a novel, twofold stealthy backdoor attack that enables high-success-rate backdoor activation across arbitrary patches in Vision Transformers by leveraging the Trigger Radiating Effect (…

The paper demonstrates that the Brazilian e-Voting Machine interface generates a simple and highly distinctive electromagnetic spectral signature, raising significant concerns about its susceptibility…

The paper argues that deepfake detection research is misaligned because it focuses on historical threats (public-figure face-swaps) while ignoring the dominant, emerging harms like NCII, voice-cloning…