https://xinjie-shen.com/tag/ai-security/AI SecurityWowchemy (https://wowchemy.com)en-usSat, 01 Nov 2025 00:00:00 +0000https://xinjie-shen.com/media/icon_hu646f7301b7fde7528ecdae8cec89fc29_9606_512x512_fill_lanczos_center_3.pnghttps://xinjie-shen.com/tag/ai-security/https://xinjie-shen.com/post/cka-agent/Sat, 01 Nov 2025 00:00:00 +0000https://xinjie-shen.com/post/cka-agent/<h2 id="-new-preprint-on-arxiv">🎉 New Preprint on arXiv</h2> <p>Our paper <strong>&ldquo;The Trojan Knowledge: Bypassing Commercial LLM Guardrails via Harmless Prompt Weaving and Adaptive Tree Search&rdquo;</strong> is now available on <a href="https://arxiv.org/abs/2512.01353" target="_blank" rel="noopener">arXiv</a>.</p> <h2 id="-key-results">🔑 Key Results</h2> <ul> <li><strong>96-99% attack success rates</strong> against GPT-5.2, Gemini-3.0-Pro, and Claude-Haiku-4.5</li> <li><strong>15-21pp improvement</strong> over best decomposition baselines</li> <li><strong>Up to 96× improvement</strong> over prompt optimization methods on robustly defended models</li> </ul> <h2 id="-core-insight">💡 Core Insight</h2> <p>Current guardrails detect malicious intent in optimized prompts but <strong>cannot aggregate intent across innocuous queries</strong>. CKA-Agent exploits this by weaving harmless sub-queries that collectively extract restricted knowledge.</p> <h2 id="-links">🔗 Links</h2> <ul> <li>📄 <a href="https://arxiv.org/abs/2512.01353" target="_blank" rel="noopener">Paper (arXiv)</a></li> <li>🌐 <a href="https://cka-agent.github.io/" target="_blank" rel="noopener">Project Page</a></li> </ul>