When Grammar Guides the Attack: Uncovering Control-Plane Vulnerabilities in LLMs with Structured Output
Shuoming Zhang · 2026-05-23 · via cs.AI updates on arXiv.org


Content Warning: This paper may contain unsafe or harmful content generated by LLMs that may be offensive to readers.

Abstract: Large Language Models (LLMs) increasingly serve as tooling platforms through structured output APIs, but the grammar-guided decoding that powers this feature opens a critical control-plane attack surface orthogonal to traditional data-plane vulnerabilities. We introduce Constrained Decoding Attack (CDA), a new jailbreak class that targets the LLM control plane. CDA is best characterized as a control-to-semantic pipeline: (1) schema-enforced logit masking injects a malicious prefix into the generation trajectory, and (2) the model itself completes the harmful intent. Unlike data-plane jailbreaks that rely on bypassing alignment with visible inputs, CDA acts on the decoding process itself, so internal safety alignment alone cannot stop it. We instantiate CDA with EnumAttack, which hides malicious content in enum fields, and the more evasive DictAttack, which decouples the payload across a benign prompt and a dictionary-based grammar. Across 13 proprietary/open-weight models and five standard benchmarks, DictAttack achieves 94.3% to 99.5% Attack Success Rate (ASR) on flagship models including gpt-5, gemini-2.5-pro, deepseek-r1, and gpt-oss-120b. While basic grammar auditing mitigates EnumAttack, DictAttack still sustains 75.8% ASR against SOTA jailbreak guardrails, exposing a "semantic gap" that demands cross-plane defenses bridging the data and control planes. Project page and code are available at this https URL.
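The abstract describes two halves of the pipeline: a grammar that, through logit masking, forces a chosen prefix into the output regardless of what the model would otherwise emit, and an audit of the grammar's literals as the mitigation that stops EnumAttack but not a dictionary-style grammar. The Python below is an added example written for this page, not the paper's released code. A character-level stub stands in for the model (assumption: it always prefers to emit a refusal), `constrained_decode` applies an enum grammar as a mask over that stub's scores exactly the way a constrained decoder masks logits, and `audit_schema` is this example's own heuristic literal check, not the auditing the paper evaluates. The schemas and strings are constructed placeholders.

```python
"""Toy schema-constrained decoding plus a heuristic grammar audit (added example)."""
from typing import Any, Dict, List, Tuple

# Constructed stub model: it always wants to continue this refusal string.
# This is an assumption of the example; it stands in for a real LLM's logits.
REFUSAL = "I cannot help with that."
VOCAB = sorted(set(chr(c) for c in range(32, 127)))   # character-level vocabulary


def toy_preference(prefix: str) -> Dict[str, float]:
    """Score every vocab char given the text so far; the refusal's next char wins."""
    scores = {ch: 0.0 for ch in VOCAB}
    if len(prefix) < len(REFUSAL) and REFUSAL.startswith(prefix):
        scores[REFUSAL[len(prefix)]] = 10.0
    return scores


def allowed_next_chars(prefix: str, literals: List[str]) -> List[str]:
    """Grammar for an enum-typed string: the output must stay a prefix of a literal."""
    return sorted({lit[len(prefix)] for lit in literals
                   if lit.startswith(prefix) and len(lit) > len(prefix)})


def constrained_decode(literals: List[str], max_len: int = 512) -> str:
    """Greedy decoding under logit masking.

    Chars the grammar forbids are set to -inf, so the model's own preference
    only ever chooses among grammar-allowed chars. If the enum contains a single
    literal, the model is walked through it one forced char at a time.
    """
    out = ""
    while len(out) < max_len:
        if out in literals:                       # grammar accepts: stop here
            return out
        allowed = allowed_next_chars(out, literals)
        if not allowed:
            raise ValueError("grammar dead end at %r" % out)
        scores = toy_preference(out)
        masked = {ch: (scores[ch] if ch in allowed else float("-inf")) for ch in VOCAB}
        out += max(masked, key=masked.get)        # argmax over the masked scores
    return out


def looks_like_instruction(s: str) -> bool:
    """Heuristic: sentence-length or punctuated literals are not short labels."""
    return len(s.split()) >= 4 or s.rstrip().endswith((".", ":", "!"))


def audit_schema(schema: Any, path: str = "$") -> List[Tuple[str, str]]:
    """Walk a JSON schema and flag literals the grammar would force into the output.

    Checks enum and const values and property names (all of them end up in the
    generated text). This is the example's own per-literal heuristic.
    """
    findings: List[Tuple[str, str]] = []
    if isinstance(schema, dict):
        for key in ("enum", "const"):
            vals = schema.get(key)
            for v in (vals if isinstance(vals, list) else [vals]):
                if isinstance(v, str) and looks_like_instruction(v):
                    findings.append((f"{path}.{key}", v))
        props = schema.get("properties")
        for name in (props if isinstance(props, dict) else {}):
            if looks_like_instruction(name):
                findings.append((f"{path}.properties", name))
        for k, v in schema.items():
            if k not in ("enum", "const"):
                findings.extend(audit_schema(v, f"{path}.{k}"))
    elif isinstance(schema, list):
        for i, v in enumerate(schema):
            findings.extend(audit_schema(v, f"{path}[{i}]"))
    return findings


# Constructed schemas. FORCED_SCHEMA carries a whole sentence in one enum value;
# DICT_SCHEMA only carries short single-word literals, so each one looks benign.
FORCED_SCHEMA = {"type": "object", "properties": {
    "answer": {"type": "string",
               "enum": ["Step 1: first gather the following items."]}}}
DICT_SCHEMA = {"type": "object", "properties": {
    "w1": {"type": "string", "enum": ["first", "gather"]},
    "w2": {"type": "string", "enum": ["the", "items"]}}}


if __name__ == "__main__":
    print(constrained_decode(FORCED_SCHEMA["properties"]["answer"]["enum"]))
    print(constrained_decode([REFUSAL, "yes"]))     # refusal is allowed, so it wins
    print(audit_schema(FORCED_SCHEMA))              # flags the sentence literal
    print(audit_schema(DICT_SCHEMA))                # nothing to flag per literal
```

With a single-literal enum the stub never gets to emit its refusal: every step has exactly one allowed character, so the output is the attacker's literal no matter what the model scores. When the refusal is itself among the allowed literals, the model's preference is honoured, which is why the abstract frames the grammar as the control plane and alignment as powerless once the grammar excludes the safe choice. `audit_schema` catches the sentence-length literal but returns nothing for `DICT_SCHEMA`, whose literals are individually innocuous words; that is the per-literal blind spot the abstract calls the semantic gap (the example does not reproduce how DictAttack splits a payload, only why a literal-by-literal check cannot see it).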
Comments: To appear in CCS2026
Subjects: Cryptography and Security (cs.CR); Artificial Intelligence (cs.AI)
Cite as: arXiv:2503.24191 [cs.CR]
  (or arXiv:2503.24191v3 [cs.CR] for this version)
  https://doi.org/10.48550/arXiv.2503.24191

arXiv-issued DOI via DataCite

Submission history

From: Shuoming Zhang
[v1] Mon, 31 Mar 2025 15:08:06 UTC (1,600 KB)
[v2] Mon, 5 Jan 2026 11:49:07 UTC (693 KB)
[v3] Thu, 21 May 2026 06:13:41 UTC (695 KB)