惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

S
Schneier on Security
Help Net Security
Help Net Security
C
CXSECURITY Database RSS Feed - CXSecurity.com
Attack and Defense Labs
Attack and Defense Labs
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Latest news
Latest news
PCI Perspectives
PCI Perspectives
W
WeLiveSecurity
Spread Privacy
Spread Privacy
O
OpenAI News
T
Threat Research - Cisco Blogs
S
Secure Thoughts
Cyberwarzone
Cyberwarzone
S
Security Affairs
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
TaoSecurity Blog
TaoSecurity Blog
V2EX - 技术
V2EX - 技术
V
Vulnerabilities – Threatpost
A
Arctic Wolf
P
Proofpoint News Feed
P
Palo Alto Networks Blog
C
CERT Recently Published Vulnerability Notes
N
News | PayPal Newsroom
C
Cisco Blogs
T
Troy Hunt's Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
L
LINUX DO - 热门话题
Cloudbric
Cloudbric
L
Lohrmann on Cybersecurity
Cisco Talos Blog
Cisco Talos Blog
T
Tor Project blog
T
Threatpost
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
S
Security @ Cisco Blogs
G
GRAHAM CLULEY
Security Latest
Security Latest
K
Kaspersky official blog
Forbes - Security
Forbes - Security
AI
AI
Hacker News - Newest:
Hacker News - Newest: "LLM"
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
AWS News Blog
AWS News Blog
H
Help Net Security
N
News and Events Feed by Topic
博客园_首页
Apple Machine Learning Research
Apple Machine Learning Research
量子位
Last Week in AI
Last Week in AI
小众软件
小众软件
V
V2EX

cs.CR updates on arXiv.org

Backdoor Channels Hidden in Latent Space: Cryptographic Undetectability in Modern Neural Networks CTFusion: A CTF-based Benchmark for LLM Agent Evaluation Large Language Models for Agentic NetOps and AIOps: Architectures, Evaluation, and Safety From Controlled to the Wild: Evaluation of Pentesting Agents for the Real-World Red-Teaming Agent Execution Contexts: Open-World Security Evaluation on OpenClaw Graph Representation Learning Augmented Model Manipulation on Federated Fine-Tuning of LLMs Containment Verification: AI Safety Guarantees Independent of Alignment Defense effectiveness across architectural layers: a mechanistic evaluation of persistent memory attacks on stateful LLM agents From Specification to Deployment: Empirical Evidence from a W3C VC + DID Trust Infrastructure for Autonomous Agents Agentic Vulnerability Reasoning on Windows COM Binaries From Beats to Breaches:How Offensive AI Infers Sensitive User Information from Playlists Undetectable Backdoors in Model Parameters: Hiding Sparse Secrets in High Dimensions When Embedding-Based Defenses Fail: Rethinking Safety in LLM-Based Multi-Agent Systems Block-wise Codeword Embedding for Reliable Multi-bit Text Watermarking FlexServe: A Fast and Secure LLM Serving System for Mobile Devices with Flexible Resource Isolation TwoHamsters: Benchmarking Multi-Concept Compositional Unsafety in Text-to-Image Models Symbolic Guardrails for Domain-Specific Agents: Stronger Safety and Security Guarantees Without Sacrificing Utility Hardening x402: PII-Safe Agentic Payments via Pre-Execution Metadata Filtering Hijacking Text Heritage: Hiding the Human Signature through Homoglyphic Substitution Like a Hammer, It Can Build, It Can Break: Large Language Model Uses, Perceptions, and Adoption in Cybersecurity Operations on Reddit Private Seeds, Public LLMs: Realistic and Privacy-Preserving Synthetic Data Generation StegoStylo: Squelching Stylometric Scrutiny through Steganographic Stitching Learning-Based Automated Adversarial Red-Teaming for Robustness Evaluation of Large Language Models AutoGraphAD: Unsupervised network anomaly detection using Variational Graph Autoencoders CrossGuard: Safeguarding MLLMs against Joint-Modal Implicit Malicious Attacks Feedback Lunch: Learned Feedback Codes for Secure Communications Noise Aggregation Analysis Driven by Small-Noise Injection: Efficient Membership Inference for Diffusion Models A First Look at the Security Issues in the Model Context Protocol Ecosystem Formalizing the Safety, Security, and Functional Properties of Agentic AI Systems MEASER: Malware embedding attacks on open-source LLMs Fall into a Pit, Gain in a Wit: Cognitive-Guided Harmful Meme Detection via Misjudgment Risk Pattern Retrieval When Search Goes Wrong: Red-Teaming Web-Augmented Large Language Models Differentially Private Synthetic Text Generation for Retrieval-Augmented Generation (RAG) From surveillance to signalling: escalation channels as environmental controls for agentic AI STAC: When Innocent Tools Form Dangerous Chains to Jailbreak LLM Agents Federated Spatiotemporal Graph Learning for Passive Attack Detection in Smart Grids Guidance Watermarking for Diffusion Models SecureVibeBench: Benchmarking Secure Vibe Coding of AI Agents via Reconstructing Vulnerability-Introducing Scenarios xOffense: An Autonomous Multi-Agent Framework for Penetration Testing with Domain-Adapted Large Language Models Hammer and Anvil: Toward a Theory of Backdoors in Federated Learning Neuro-Symbolic AI for Cybersecurity: State of the Art, Challenges, and Opportunities Tell-Tale Watermarks for Explanatory Reasoning in Synthetic Media Forensics Between a Rock and a Hard Place: The Tension Between Ethical Reasoning and Safety Alignment in LLMs A Comprehensive Guide to Differential Privacy: From Theory to User Expectations Enabling Transparent Cyber Threat Intelligence Combining Large Language Models and Domain Ontologies Unveiling Unicode's Unseen Underpinnings in Undermining Authorship Attribution Searching for Privacy Risks in LLM Agents via Simulation Exact Verification of Graph Neural Networks with Incremental Constraint Solving SPRINT: Robust Model Attribution of Generated Images via Secret Pixel Reconstruction Majority Bit-Aware Watermarking For Large Language Models Coward: Collision-based OOD Watermarking for Practical Proactive Federated Backdoor Detection Prompt to Pwn: Automated Exploit Generation for Smart Contracts Activation-Guided Local Editing for Jailbreaking Attacks Random Walk Learning and the Pac-Man Attack ExCyTIn-Bench: Evaluating LLM agents on Cyber Threat Investigation White-Basilisk: A Hybrid Model for Code Vulnerability Detection Intrinsic Fingerprint of LLMs: Continue Training is NOT All You Need to Steal A Model! InvisibleInk: High-Utility and Low-Cost Text Generation with Differential Privacy Logit-Gap Steering: A Forward-Pass Diagnostic for Alignment Robustness Toward Principled LLM Safety Testing: Solving the Jailbreak Oracle Problem Exploring the Secondary Risks of Large Language Models Benchmarking Misuse Mitigation Against Covert Adversaries Efficient Preimage Approximation for Neural Network Certification Practical Adversarial Attacks on Stochastic Bandits via Fake Data Injection PARASITE: Conditional System Prompt Poisoning to Hijack LLMs Secure LLM Fine-Tuning via Safety-Aware Probing Can Large Language Models Really Recognize Your Name? PoLO: Proof-of-Learning and Proof-of-Ownership at Once with Chained Watermarking A Survey on the Safety and Security Threats of Computer-Using Agents: JARVIS or Ultron? AutoRAN: Automated Hijacking of Safety Reasoning in Large Reasoning Models Remote Rowhammer Attack using Adversarial Observations on Federated Learning Clients Open Challenges in Multi-Agent Security: Towards Secure Systems of Interacting AI Agents DiffMI: Breaking Face Recognition Privacy via Diffusion-Driven Training-Free Model Inversion Chronology of Multi-Agent Interactions for Provenance of Evolving Information Gungnir: Exploiting Stylistic Features in Images for Backdoor Attacks on Diffusion Models DeePen: Penetration Testing for Audio Deepfake Detection Detecting Malicious Concepts without Image Generation in AI-Generated Content (AIGC) How Vulnerable Is My Learned Policy? Universal Adversarial Perturbation Attacks On Modern Behavior Cloning Policies Imitation Game for Adversarial Disillusion with Chain-of-Thought Reasoning in Generative AI PromptGuard: Soft Prompt-Guided Unsafe Content Moderation for Text-to-Image Models A Multiparty Homomorphic Encryption Approach to Confidential Federated Kaplan Meier Survival Analysis Red-Teaming Text-to-Image Models via In-Context Experience Replay and Semantic-Preserving Prompt Rewriting DeTrigger: A Gradient-Centric Approach to Backdoor Attack Mitigation in Federated Learning Privacy Leakage via Output Label Space and Differentially Private Continual Learning ARQ: A Mixed-Precision Quantization Framework for Accurate and Certifiably Robust DNNs CoreGuard: Safeguarding Foundational Capabilities of LLMs Against Model Stealing in Edge Deployment Power-Softmax: Towards Secure LLM Inference over Encrypted Data Hypnopaedia-Aware Machine Unlearning via Psychometrics of Artificial Mental Imagery Anomaly Detection from a Tensor Train Perspective Survival of the Cheapest: Cost-Aware Hardware Adaptation for Adversarial Robustness Convergent Differential Privacy Analysis for General Federated Learning Improving Clean Accuracy via a Tangent-Space Perspective on Adversarial Training The AI risk repository: A meta-review, database, and taxonomy of risks from artificial intelligence Towards Agentic Runtime Healing Verification of Machine Unlearning is Fragile Aggressive or Imperceptible, or Both: Network Pruning Assisted Hybrid Byzantines in Federated Learning Whispers in the Machine: Confidentiality in Agentic Systems MalPurifier: Enhancing Android Malware Detection with Adversarial Purification against Evasion Attacks Towards Adaptive, Learning-Based Security in Decentralized Applications Can Blockchains Reliably Train Machine Learning Models?
Local LLM Agents as Vulnerable Runtimes:A Source-Code Audit of the Agent Runtime Layer
[Submitted on 19 Jun 2026] · 2026-06-23 · via cs.CR updates on arXiv.org

View PDF HTML (experimental)

Abstract:Local LLM agents such as OpenClaw and Nanobot run on end-user machines and act on host resources - the shell, filesystem, browser, stored credentials, and messaging applications - through natural-language goals. These agents have become privileged software runtimes that mediate between user intent, model outputs, and host-level actions. Existing research characterizes the landscape through prompt injection, malicious skills, marketplace risks, or black-box evaluation of agents. But the implementation layer that performs this mediation, the prompt builder, parser, tool dispatcher, skill loader, memory writer, network client, and permission gate, has remained an unexamined safety boundary. To our knowledge, no prior work has examined the agent's source tree to audit these components for implementation-level security weaknesses. We present CLAWAUDIT, a static auditing framework for measuring vulnerability exposure in local LLM agent runtimes. CLAWAUDIT derives a five-category vulnerability taxonomy from STRIDE and develops custom static-analysis rules that target agent-specific patterns absent from established rule sets for vulnerability analysis. We instantiate the taxonomy in two backends, 47 Semgrep YAML rules and 30 CodeQL queries, and evaluate on OPENCLAWBENCH, a benchmark of 446 source-code-level advisories from the OpenClaw repository and split temporally into 229 rule-derivation (train) and 217 held-out (test) advisories. On the held-out test, CLAWAUDIT raises Semgrep recall from 21.7% (Pro baseline) to 66.8%, and CodeQL recall from 13.8% (security-extended) to 75.1%. Train/test gaps remain within 4 percentage points for all four configurations, indicating that the rules generalize to vulnerabilities unseen during rule writing. A preliminary live-code audit shows that these recall-oriented rules require manual triage, motivating semantic filtering before production deployment.

Submission history

From: Zhengsong Zhang [view email]
[v1] Fri, 19 Jun 2026 03:40:00 UTC (3,091 KB)