The paper introduces TrEEStealer, a novel side-channel attack that efficiently steals Decision Trees (DTs) protected within Trusted Execution Environments (TEEs), demonstrating that TEEs fail to provi…

The paper proposes a unified closed-loop threat taxonomy to systematically analyze and defend foundation models by explicitly framing the bidirectional security interactions between data and models.

The paper introduces GEO-Bench, a unified benchmark that standardizes the evaluation of various generative engine optimization (GEO) ranking manipulation attacks, demonstrating that black-box content…

GEO-Bench introduces a standardized benchmark to compare various ranking manipulation attacks (both black-box and white-box) on generative engines, demonstrating that black-box content rewriting can b…

NeuroTrace introduces a novel framework using Inference Provenance Graphs (IPGs) to analyze the information flow during deep neural network inference, demonstrating that this provenance provides a rob…

The paper proposes AnaFP, a theoretically guided analytical fingerprinting scheme that determines the optimal distance of a model's fingerprint from the decision boundary to ensure both robustness and…

FlowGuard introduces an identity-independent defense using flow matching to detect data-free model stealing attacks by identifying synthetic queries as out-of-distribution based on their lower-dimensi…

This paper introduces 'unlearning corruption attacks,' demonstrating that the performance degradation inherent in approximate graph unlearning can be exploited by an adversary to significantly reduce…

LymphNode is a novel, post-hoc access control framework that protects Deep Neural Networks (DNNs) from model extraction and inversion attacks by enforcing a default-deny policy and selectively restori…

The paper evaluates graph-context LLM defenders against multi-round, adaptive fraud attacks, finding that while graph context improves early safety, it significantly increases benign over-refusal due…

The paper proposes SubPopMark, a novel subpopulation-driven framework that injects harmless, verifiable markers into distilled datasets to prevent copyright infringement and data leakage.

The paper introduces Bayesian Membership Privacy (BMP), a sampling-aware framework that accurately quantifies node-level membership privacy in Graph Neural Networks by treating graph sampling probabil…

The paper demonstrates that large language models can autonomously hack and self-replicate across a network by exploiting common web-application vulnerabilities.

The paper proposes Adaptive Stealing (AS), a novel and more robust watermark stealing algorithm that dynamically selects optimal attack perspectives to significantly increase the efficiency of comprom…

IrisFP introduces a novel adversarial-example-based framework that generates composite-sample fingerprints near the intersection of multiple decision boundaries, significantly enhancing model ownershi…

The paper introduces a Verifiable Gradient Inversion Attack (VGIA) that provides an explicit, certifiable method for reconstructing individual training records from shared gradients, particularly effe…

This paper critically re-evaluates the use of Graph Neural Networks (GNNs) for Bitcoin fraud detection, demonstrating that under strict, leakage-free temporal evaluation, simple feature-only models si…

This paper demonstrates that current AI model extraction defenses, which assume attacks come from single sources, are easily bypassed by coordinated, distributed threat actors.

The paper introduces Compositional Semantic Fingerprinting (CSF), a black-box method that allows IP owners to attribute fine-tuned text-to-image models to their protected lineages using only query acc…

The paper proposes AuthGraph, a dual-graph defense framework that structurally compares information provenance (what data was used) against a clean authorization baseline to detect fine-grained, param…