arxiv.org
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-04-22.
| Date Added | Resource | Topic | Excerpt |
|---|---|---|---|
| 2026-04-22 | A Survey of the Overlooked Dangers of Template Engines (arXiv 2024) | SSTI | A Survey of the Overlooked Dangers of Template Engines (arXiv 2024) |
| 2026-04-22 | When AI Meets the Web: Prompt Injection Risks in Third-Party AI Chatbot Plugins | AI | When AI Meets the Web: Prompt Injection Risks in Third-Party AI Chatbot Plugins |
| 2026-04-22 | Prompt Injection Attacks on Agentic Coding Assistants: A Systematic Analysis | AI | Prompt Injection Attacks on Agentic Coding Assistants: A Systematic Analysis |
| 2026-04-22 | Prompt Injection 2.0: Hybrid AI Threats | AI | Prompt Injection 2.0: Hybrid AI Threats |
| 2026-04-22 | Architecting Secure AI Agents: System-Level Defenses Against Indirect Prompt Injection | AI | Architecting Secure AI Agents: System-Level Defenses Against Indirect Prompt Injection |
| 2026-04-22 | deepSURF: Detecting Memory Safety Vulnerabilities in Rust Through Fuzzing LLM-Augmented Harnesses | Fuzzing | deepSURF: Detecting Memory Safety Vulnerabilities in Rust Through Fuzzing LLM-Augmented Harnesses |
| 2026-04-22 | Fixing Security Vulnerabilities with AI in OSS-Fuzz | Fuzzing | Fixing Security Vulnerabilities with AI in OSS-Fuzz |
| 2026-04-22 | A Survey of Network Protocol Fuzzing: Model, Techniques and Directions | Fuzzing | A Survey of Network Protocol Fuzzing: Model, Techniques and Directions |
| 2026-04-22 | Synthesizing XSS Polyglots with Monte Carlo Tree Search (arXiv 2025) | XSS | Synthesizing XSS Polyglots with Monte Carlo Tree Search (arXiv 2025) |
| 2026-04-19 | Prompt Injection Attack Against LLM-Integrated Applications (arXiv) | AI | Prompt Injection Attack Against LLM-Integrated Applications (arXiv) |
| 2026-04-17 | Closing the Chain: How to reduce SolarWinds/Log4j/XZ risk (arXiv) | Supply Chain | Closing the Chain: How to reduce SolarWinds/Log4j/XZ risk (arXiv) |
| 2026-04-17 | SBOM Literature Review (arXiv) | Supply Chain | SBOM Literature Review (arXiv) |
| 2026-04-16 | Empirical Study on RCE in ML Model Hosting Ecosystems | RCE | Empirical Study on RCE in ML Model Hosting Ecosystems |
| 2026-04-16 | The Art of Hide and Seek: Pickle-Based Model Supply Chain Poisoning | Deser | The Art of Hide and Seek: Pickle-Based Model Supply Chain Poisoning |
| 2026-04-16 | Bypassing LLM Guardrails: Evasion Attacks against Prompt Injection Detection | AI | Bypassing LLM Guardrails: Evasion Attacks against Prompt Injection Detection |
| 2026-04-16 | EchoLeak: First Real-World Zero-Click Prompt Injection Exploit | AI | EchoLeak: First Real-World Zero-Click Prompt Injection Exploit |
| 2026-04-16 | The Dark Side of LLMs: Agent-based Attacks for Complete Computer Takeover | AI | The Dark Side of LLMs: Agent-based Attacks for Complete Computer Takeover |
| 2026-04-16 | MCP Safety Audit: LLMs with MCP Allow Major Security Exploits | AI | MCP Safety Audit: LLMs with MCP Allow Major Security Exploits |
| 2026-04-11 | G2Fuzz: Grammar-Aware Fuzzing with LLMs | Fuzzing | G2Fuzz: Grammar-Aware Fuzzing with LLMs |
| 2026-04-11 | Involuntary Jailbreak: On Self-Prompting Attacks | AI | Involuntary Jailbreak: On Self-Prompting Attacks |
| 2026-04-11 | Practical Poisoning Attacks against Retrieval-Augmented Generation | AI | Practical Poisoning Attacks against Retrieval-Augmented Generation |
| 2026-04-11 | RAG Safety: Exploring Knowledge Poisoning Attacks to RAG | AI | RAG Safety: Exploring Knowledge Poisoning Attacks to RAG |
| 2026-04-11 | Benchmarking Poisoning Attacks against Retrieval-Augmented Generation | AI | Benchmarking Poisoning Attacks against Retrieval-Augmented Generation |
| 2026-04-10 | Multi-target Coverage-based Greybox Fuzzer | Fuzzing | Multi-target Coverage-based Greybox Fuzzer |
| 2026-04-10 | PickleBall: Secure Deserialization of Pickle-based ML Models | Deser | PickleBall: Secure Deserialization of Pickle-based ML Models |
| 2026-04-10 | Deserialization Gadget Chains in Android: An In-Depth Study | Deser | Deserialization Gadget Chains in Android: An In-Depth Study |
| 2026-04-06 | Enhancing REST API Fuzzing with Access Policy Violation Detection | API Sec, Fuzzing | Enhancing REST API Fuzzing with Access Policy Violation Detection |
| 2026-04-06 | Fuzzing REST APIs in Industry: Necessary Features and Lessons Learned | Fuzzing | Fuzzing REST APIs in Industry: Necessary Features and Lessons Learned |
| 2026-04-03 | Red Teaming the Mind of the Machine: Evaluation of Prompt Injection and Jailbreak Vulnerabilities | AI | Red Teaming the Mind of the Machine: Evaluation of Prompt Injection and Jailbreak Vulnerabilities |
| 2026-04-03 | MALF: A Multi-Agent LLM Framework for Intelligent Fuzzing | Fuzzing | MALF: A Multi-Agent LLM Framework for Intelligent Fuzzing |
| 2026-04-03 | A Large-Scale Security-Oriented Static Analysis of Python Packages in PyPI | Python | A Large-Scale Security-Oriented Static Analysis of Python Packages in PyPI |