English
Related papers

Related papers: Models Are Codes: Towards Measuring Malicious Code…

200 papers

In a malicious tool attack, an attacker uploads a malicious tool to a distribution platform; once a user inadvertently installs the tool and the LLM agent selects it during task execution, the tool can compromise the user's security and…

Cryptography and Security · Computer Science 2026-05-12 Yuepeng Hu , Yuqi Jia , Mengyuan Li , Dawn Song , Neil Gong

Machine learning model repositories such as the Hugging Face Model Hub facilitate model exchanges. However, bad actors can deliver malware through compromised models. Existing defenses such as safer model formats, restrictive (but…

Pickle deserialization vulnerabilities have persisted throughout Python's history, remaining widely recognized yet unresolved. Due to its ability to transparently save and restore complex objects into byte streams, many AI/ML frameworks…

Cryptography and Security · Computer Science 2025-08-28 Tong Liu , Guozhu Meng , Peng Zhou , Zizhuang Deng , Shuaiyin Yao , Kai Chen

The proliferation of open Pre-trained Language Models (PTLMs) on model registry platforms like Hugging Face (HF) presents both opportunities and challenges for companies building products around them. Similar to traditional software…

Software Engineering · Computer Science 2025-02-20 Adekunle Ajibode , Abdul Ali Bangash , Filipe Roseiro Cogo , Bram Adams , Ahmed E. Hassan

Developers are sharing pre-trained Machine Learning (ML) models through a variety of model sharing platforms, such as Hugging Face, in an effort to make ML development more collaborative. To share the models, they must first be serialized.…

Software Engineering · Computer Science 2025-01-07 Beatrice Casey , Kaia Damian , Andrew Cotaj , Joanna C. S. Santos

The proliferation of malicious URLs has made their detection crucial for enhancing network security. While pre-trained language models offer promise, existing methods struggle with domain-specific adaptability, character-level information,…

Cryptography and Security · Computer Science 2025-03-24 Ruitong Liu , Yanbin Wang , Haitao Xu , Zhan Qin , Fan Zhang , Yiwei Liu , Zheng Cao

The rapidly evolving fields of Machine Learning (ML) and Artificial Intelligence have witnessed the emergence of platforms like Hugging Face (HF) as central hubs for model development and sharing. This experience report synthesizes insights…

Software Engineering · Computer Science 2024-02-13 Joel Castaño , Silverio Martínez-Fernández , Xavier Franch

With tools like GitHub Copilot, automatic code suggestion is no longer a dream in software engineering. These tools, based on large language models, are typically trained on massive corpora of code mined from unvetted public sources. As a…

Cryptography and Security · Computer Science 2024-01-25 Hojjat Aghakhani , Wei Dai , Andre Manoel , Xavier Fernandes , Anant Kharkar , Christopher Kruegel , Giovanni Vigna , David Evans , Ben Zorn , Robert Sim

Large language models (LLMs) have revolutionized software development practices, yet concerns about their safety have arisen, particularly regarding hidden backdoors, aka trojans. Backdoor attacks involve the insertion of triggers into…

Software Engineering · Computer Science 2024-05-21 Aftab Hussain , Md Rafiqul Islam Rabin , Mohammad Amin Alipour

In recent years, large language models (LLMs) have made significant progress in the field of code generation. However, as more and more users rely on these models for software development, the security risks associated with code generation…

Artificial Intelligence · Computer Science 2024-08-21 Shangxi Wu , Jitao Sang

As the capabilities of large language models continue to advance, so does their potential for misuse. While closed-source models typically rely on external defenses, open-weight models must primarily depend on internal safeguards to…

Cryptography and Security · Computer Science 2026-02-17 Lukas Struppek , Adam Gleave , Kellin Pelrine

Large language models (LLMs) are becoming a popular tool as they have significantly advanced in their capability to tackle a wide range of language-based tasks. However, LLMs applications are highly vulnerable to prompt injection attacks,…

Computation and Language · Computer Science 2024-11-11 Md Abdur Rahman , Fan Wu , Alfredo Cuzzocrea , Sheikh Iqbal Ahamed

AI-powered coding assistant tools have revolutionized the software engineering ecosystem. However, prior work has demonstrated that these tools are vulnerable to poisoning attacks. In a poisoning attack, an attacker intentionally injects…

Cryptography and Security · Computer Science 2023-12-12 Sanghak Oh , Kiho Lee , Seonhye Park , Doowon Kim , Hyoungshick Kim

Adversaries can embed backdoors in deep learning models by introducing backdoor poison samples into training datasets. In this work, we investigate how to detect such poison samples to mitigate the threat of backdoor attacks. First, we…

Machine Learning · Computer Science 2023-06-21 Xiangyu Qi , Tinghao Xie , Jiachen T. Wang , Tong Wu , Saeed Mahloujifar , Prateek Mittal

Backdoor attacks for neural code models have gained considerable attention due to the advancement of code intelligence. However, most existing works insert triggers into task-specific data for code-related downstream tasks, thereby limiting…

Cryptography and Security · Computer Science 2023-06-16 Yanzhou Li , Shangqing Liu , Kangjie Chen , Xiaofei Xie , Tianwei Zhang , Yang Liu

For nearly a decade the academic community has investigated backdoors in neural networks, primarily focusing on classification tasks where adversaries manipulate the model prediction. While demonstrably malicious, the immediate real-world…

Cryptography and Security · Computer Science 2026-03-24 Nicolas Küchler , Ivan Petrov , Conrad Grobler , Ilia Shumailov

The widespread adoption of Large Language Models (LLMs) has heightened concerns about their security, particularly their vulnerability to jailbreak attacks that leverage crafted prompts to generate malicious outputs. While prior research…

Cryptography and Security · Computer Science 2025-06-13 Haoyang Li , Huan Gao , Zhiyuan Zhao , Zhiyu Lin , Junyu Gao , Xuelong Li

The proliferation of face forgery techniques has raised significant concerns within society, thereby motivating the development of face forgery detection methods. These methods aim to distinguish forged faces from genuine ones and have…

Computer Vision and Pattern Recognition · Computer Science 2024-02-20 Jiawei Liang , Siyuan Liang , Aishan Liu , Xiaojun Jia , Junhao Kuang , Xiaochun Cao

AI-based code generators have become pivotal in assisting developers in writing software starting from natural language (NL). However, they are trained on large amounts of data, often collected from unsanitized online sources (e.g., GitHub,…

Cryptography and Security · Computer Science 2024-02-12 Domenico Cotroneo , Cristina Improta , Pietro Liguori , Roberto Natella

The rise of pre-trained unified foundation models breaks down the barriers between different modalities and tasks, providing comprehensive support to users with unified architectures. However, the backdoor attack on pre-trained models poses…

Cryptography and Security · Computer Science 2023-02-27 Zenghui Yuan , Yixin Liu , Kai Zhang , Pan Zhou , Lichao Sun