惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
C
CXSECURITY Database RSS Feed - CXSecurity.com
L
LINUX DO - 热门话题
S
Secure Thoughts
TaoSecurity Blog
TaoSecurity Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
T
Threat Research - Cisco Blogs
AI
AI
B
Blog RSS Feed
S
Schneier on Security
雷峰网
雷峰网
Schneier on Security
Schneier on Security
Help Net Security
Help Net Security
Cloudbric
Cloudbric
L
LINUX DO - 最新话题
罗磊的独立博客
有赞技术团队
有赞技术团队
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Apple Machine Learning Research
Apple Machine Learning Research
P
Proofpoint News Feed
酷 壳 – CoolShell
酷 壳 – CoolShell
The Hacker News
The Hacker News
博客园 - Franky
Attack and Defense Labs
Attack and Defense Labs
The Cloudflare Blog
Webroot Blog
Webroot Blog
Last Week in AI
Last Week in AI
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
博客园 - 叶小钗
美团技术团队
L
Lohrmann on Cybersecurity
T
The Blog of Author Tim Ferriss
The Last Watchdog
The Last Watchdog
T
Troy Hunt's Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Vercel News
Vercel News
Know Your Adversary
Know Your Adversary
O
OpenAI News
博客园 - 【当耐特】
Hacker News - Newest:
Hacker News - Newest: "LLM"
C
Cybersecurity and Infrastructure Security Agency CISA
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
www.infosecurity-magazine.com
www.infosecurity-magazine.com
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
PCI Perspectives
PCI Perspectives
H
Heimdal Security Blog
I
InfoQ
GbyAI
GbyAI
T
Threatpost
C
Cisco Blogs

News and Events Feed by Topic

Securing AI Data Center: Architecture, Security Posture, and Emerging Standards New NCCoE Project: Asset Management and Visibility for Operational Technology (OT) Environments NIST Guidelines for Secure Remote Access in Water and Wastewater Systems NIST Workshop on Hardware CPE and CVSS Updates NCCoE Two-Pager Now Available: Effective OT Backup Management The Department of Commerce’s CHIPS Program Announces a Letter of Intent with Coherent for up to $50 Million to Expand Indium Phosphide Production Now Available: Practical Guidelines for Preventing and Mitigating Ransomware NIST NCCoE Genomic Data PETs Testbed & Dioptra Webinar NCCoE Cybersecurity Connections Event: Accelerating the Adoption of Mobile Driver's Licenses NIST Expands AI Consortium’s Scope, Calls for New Members Now Available: NIST SP 1800-41, Responding to and Recovering from a Cyber Attack NCCoE Manufacturing Project Update NIST NCCoE Cyber AI Profile Virtual Working Session Series: Usability of the Profile Draft PNT Profile Updated to Align with NIST CSF 2.0 NIST NCCoE Cyber AI Profile Virtual Working Session Series: Extending the Technical Content CAISI Signs Agreements Regarding Frontier AI National Security Testing With Google DeepMind, Microsoft and xAI NIST NCCoE Cyber AI Profile Virtual Working Session Series: Updates to Profile Elements and Contents NICE Releases NICE Framework Components v2.2.0 Adoption of Mobile Driver’s Licenses for Financial Institutions Webinar NIST Updates NVD Operations to Address Record CVE Growth New Publication: Automation of the NIST Cryptographic Module Validation Program NIST Workshop on AI Incident Management Cybersecurity for IoT Workshop: Future Directions New Live Guidelines for Secure Software Development, Security, and Operations Practices Workshop on Blockchain and Distributed Ledger Technologies Improving the Nation’s Cybersecurity - an Open Forum NIST Guidelines on Implementing Mobile Driver’s Licenses for Financial Institutions NICE Webinar: Beyond Technical Skills - The Human Element of a Cyber Career Artificial Intelligence (AI) for Manufacturing Workshop Safeguarding Health Information: Building Assurance through HIPAA Security 2026 Workshop on Blockchain and Distributed Ledger Technologies 2026 Time and Frequency Seminar NCCoE Project Portfolio Webinar MLXN: Machine Learning for X-ray and Neutron Scattering Comment Now: Draft Guidelines on Data Classification Practices Technologies and Use Cases for Smart Standards NIST Allocates Over $3 Million to Small Businesses Advancing AI, Biotechnology, Semiconductors, Quantum and More Building the Strategic Supply Chain Network Iris Experts Group Annual Meeting New Concept Paper on Identity and Authority of Software Agents SUSHI@NIST: Rolling Next-Generation Secure Hardware into Standards Now Available! Transit Cybersecurity Framework Community Profile Now Available: NIST NCCoE Project Portfolio Cyber AI Workshop #2 NIST Launches Centers for AI in Manufacturing and Critical Infrastructure Apply on USAJobs: Open CAISI Position for an AI Research Scientist Securing Smart Speakers for Home Health Care: NIST Offers New Guidelines Secure Software Development Framework (SSDF) Version 1.2 is Available for Public Comment Just Published! Final NIST Telehealth Smart Home Integration Cybersecurity White Paper Draft NIST Guidelines Rethink Cybersecurity for the AI Era Comment & Save the Date Now! NIST Cyber AI Profile Preliminary Draft & Workshop Final NCCoE IoT Secure Onboarding Publications Now Available! Mobile Driver’s License Project Update Webinar NCCoE Cybersecurity Connections – Strengthening the Cybersecurity Workforce New Draft White Paper | PQC Migration: Mappings to Risk Framework Docs Now Available: NIST Final SP 1800-37, Addressing Visibility Challenges with TLS 1.3 NIST Awards More Than $3 Million to Support Cybersecurity Workforce Development Across 13 States Feedback Requested: NIST Cryptographic Module Validation Program White Paper New NIST NCCoE Mobile Drivers Licenses Project Resources Now Available! CSF 2.0 Webinar Series: Deep-Dive into the CSF 2.0 Govern Function to Improve Cybersecurity Final Publication Available: NIST IR 8523, Multi-Factor Authentication for Criminal Justice Information Systems Federal Investments in IoT Infrastructure Offer 10-20x Return, NIST Study Finds Final NIST IR 8349 Released: Characterize & Secure Your IoT Devices NIST Revises Security and Privacy Control Catalog to Improve Software Update and Patch Releases We Want Your Feedback! Developing a Transit Cybersecurity Framework Community Profile Advances in Automation of Quantum Dot Devices Control Empowering Future Innovators: NIST CTL Connects Cybersecurity Students with Real-World Research NIST Awards Over $1.8 Million to Small Businesses Advancing AI, Semiconductors, Additive Manufacturing and More NIST Researchers Demonstrate that Superconducting Neural Networks Can Learn on Their Own STPPA8: Special Topics on Privacy and Public Auditability — Event 8: Experimenting with Privacy-Enhancing Cryptography (PEC) Implementations NIST Finalizes ‘Lightweight Cryptography’ Standard to Protect Small Devices NIST Releases Test Tools to Accelerate Adoption of Emerging Route Leak Mitigation Standards Second Seminar on Building an In-Space Circular Economy Lessons Learned from the Consortium: Tool Use in Agent Systems
NIST Mathematical Proof Supports Transition to a Continuous-Monitor-and-Update Security Model for AI Systems
Chad Boutin · 2026-06-09 · via News and Events Feed by Topic
A person types on a laptop behind floating translucent graphics related to AI, computer code and a brain scan.

Credit: TippaPatt/Shutterstock

Can we make artificial intelligence impervious to adversaries who want to twist the technology to nefarious ends? Though AI is among the newest of technologies, the question’s answer is nearly a century old. 

Try as we might, we can never render AI completely unassailable using conventional security models. In the peer-reviewed journal IEEE Security and Privacy, Apostol Vassilev, a senior scientist at the National Institute of Standards and Technology (NIST), has published a mathematical proof of this statement building on work published in 1931 by famed logician Kurt Gödel. His incompleteness theorems showed that there are limits to what can be proved within a system built on a finite number of rules. 

The guardrails that govern an AI’s behavior are just such a system, and one of the proof’s implications is that there will always be a way to prompt an AI system to disregard its rules — it’s just a matter of finding it.

“One of the pillars of responsible AI is that you want the technology to be secure,” said Vassilev, the proof’s author and an expert in adversarial machine learning. “You want it to withstand adversarial attacks and perform only what you want it to do, not what an attacker might want. What this proof shows is that there is no finite set of guardrails that is universally robust against adversarial prompts.”

Companies that develop AI often acknowledge that the tools they are creating have the potential to cause harm in the physical world, so they build in constraints intended to stop AI from generating prohibited content such as deepfakes, malware or instructions for making biological weapons or illicit drugs. If the system is prompted to generate such content, the guardrails should flag the issue and refuse to comply. 

However, these constraints are not foolproof. Attackers can evade them by crafting prompts in ways that cause AI to inadvertently bypass its own refusal mechanisms. Successfully “jailbreaking” AI strips it of its guardrails, leading to real-world risks such as cyberattacks, data breaches and highly personalized phishing messages. 

Gödel’s original proof dashed the hopes of several prominent mathematicians who in the early 20th century were attempting to create a mathematical “theory of everything” from a small set of basic statements, or axioms. With a well-chosen set of initial axioms, they reasoned, it would be possible to prove all ideas in any branch of math. 

“Gödel put an end to this dream,” Vassilev said. “He showed that you can’t have a finite set of statements and create a theory that is complete and consistent without contradictions. You can add more statements to address the contradictions you encounter, but you’re back to where you started. It happens again.”

In AI’s case, the “finite set of statements” is the group of guardrails an AI’s designer creates to keep the AI from doing something undesired. Regardless of how well-considered they may be, Vassilev’s proof shows that there will always be ways to prompt the AI that can make it disregard these rules. It’s just a matter of finding the right prompt. 

“Gödel’s logic applies here,” Vassilev says. “You can never make a claim that you are robust against all adversarial prompt attacks. There will always be some prompt that can potentially evade and defeat any defensive infrastructure that you have built around your AI system.”

Fortunately for defenders, this new mathematical theory leaves room for hardening the deployed AI systems to a point that they are not easy to exploit. Vassilev’s proof provides no recipe for attackers about how to find new exploits.

“You force the attacker to look for what security specialists call ‘zero-day exploits,’ which are problems in the system that no one knows about but you,” Vassilev says. “Hackers often take advantage of these vulnerabilities when they find them. And if they find such a vulnerability in one company’s system, it’s usually a short time before someone exploits it in another system that has the same weakness.”

Such zero-day exploits for traditional deterministic software have not been easy to find and execute, Vassilev said; often they have required the resources of nation-state-sized adversaries. The trouble with the AI era, Vassilev said, is that we use human language as the input to the system. The complexity and richness of the language makes compliance-checking built on a finite set of rules infinitely ambiguous. The number of ways in which adversaries can hide harmful intent in plain sight is effectively limitless. 

What are we to do, then? Vassilev offers an approach that will not completely solve the problem, but one that will make it far more difficult for adversarial prompts to succeed in jailbreaking an AI. 

The approach has three elements: constant work by “red teams” that seek to uncover new adversarial prompts before actual attackers do; continuous updates that harden AI guardrails against newly discovered adversarial prompts; and operational resilience that prioritizes impact limitation and quick recovery when, not if, an exploit occurs. 

“The goal is to reach a state where the cost of finding new exploits exceeds attackers’ resources,” he said. “You can’t escape Gödel in math, and in AI you likely can’t patch an AI system like an LLM and then expect to be OK forever. You have to commit to a constant search for weaknesses and stay ahead of attackers. The goal is to reach a new economic equilibrium where you make it financially prohibitive for attackers to attempt to break your AI system. It may be expensive, but that’s the cost of even partial security that should allow organizations to maximize the benefits of AI while minimizing the risks.” 


Paper: Apostol Vassilev, Robust AI Security and Alignment: A Sisyphean Endeavor? IEEE Security & Privacy. May 2026. DOI: 10.1109/MSEC.2026.3678214