探索全球前沿学术脉络

01.

arXiv (CS.CL) 2026-06-19 DOI: arXiv:2606.19660

A Layered Security Framework Against Prompt Injection in RAG-Based Chatbots

作者:

Gulshan Saleem↗Nisar Ahmed↗Muhammad Imran Zaman↗Ali Hassan↗

Prompt injection is ranked as the most critical vulnerability in large language model (LLM) deployments by the OWASP Top 10 for LLM Applications, yet existing defenses operate at isolated pipeline stages and remain incomplete. Input filters cannot inspect retrieved documents, while output monitors cannot prevent malicious payloads from reaching the model. Consequently, retrieval-augmented generation (RAG) chatbots remain vulnerable to indirect injection, where a poisoned knowledge-base document compromises every user whose query retrieves it. We present a three-layer framework that intercepts both direct and indirect prompt injection throughout the inference pipeline. Layer 1 screens user input using a rule-based pattern library and a fine-tuned semantic anomaly classifier. Layer 2 enforces a provenance-based instruction hierarchy during context assembly, preventing retrieved content from overriding operator policy. Layer 3 audits model output using a policy rule engine and semantic drift detector before delivery. A continuous audit loop aggregates structured logs and supports retraining to adapt the classifier to emerging attack patterns. The framework is model-agnostic and deploys as middleware without modifying the underlying LLM. Evaluation on 5,080 samples across GPT-4o, Llama 3, and Mistral 7B shows that the framework reduces Attack Success Rate (ASR) from 71.4\% to 11.3\%, outperforming the best single-layer baseline by 27.3 percentage points and a published guardrail system by 23.8 percentage points, while maintaining a 4.8\% false positive rate and a median latency overhead of 61.2 ms. Ablation studies confirm that all three layers provide complementary protection and that their combined effect exceeds the sum of individual contributions.

阅读与讨论 → 访问原文 →

02.

arXiv (CS.LG) 2026-06-19 DOI: arXiv:2606.19802

Flow Map Denoisers: Traversing the Distortion-Perception Plane for Inverse Problems

作者:

Nicolas Zilberstein↗Morteza Mardani↗Santiago Segarra↗

arXiv:2606.19802v1 Announce Type: new Abstract: Image restoration faces a fundamental tradeoff: methods that minimize error produce blurry reconstructions, while those that maximize perceptual quality yield sharp but less faithful images. Existing approaches either commit to a single operating point on this distortion perception (DP) frontier or require paired-data supervision, auxiliary models, or hyperparameter tuning of the sampler to access different points. We show that flow map models, a recent extension of flow matching for few-step sampling that learns an average field, implicitly define a one-parameter family of denoisers that continuously spans the DP frontier. The lookahead parameter t acts as a control knob between the MMSE and perceptual regimes. For Gaussian targets, we prove that varying t exactly recovers the optimal DP frontier; for natural images, we observe similar behavior empirically. Within a Plug-and-Play solver, the same mechanism extends to general inverse problems, where it controls a tradeoff between perceptual alignment and data consistency. Despite the lack of exact optimality guarantees in this setting, a single trained flow map spans the DP tradeoff, matching or exceeding specialized baselines at both extremes. Extensive experiments on CelebA ($128\times 128$) and AFHQ ($256\times 256$) across several linear and nonlinear inverse tasks validate our findings.

阅读与讨论 → 访问原文 →

03.

arXiv (CS.CV) 2026-06-16 DOI: arXiv:2606.14725

Interpolation between Convolution and Attention via K-Nearest Neighbors

作者:

Mingi Kang↗

The shift from Convolutional Neural Networks to Transformers has reshaped computer vision, yet these two architectural families are typically viewed as fundamentally distinct. Convolutional Neural Networks are defined by spatially local convolution operations, while Transformers rely on global self-attention. We argue that convolution and self-attention, despite their apparent differences, can be unified within a single k-nearest neighbor aggregation framework. The critical insight is that both operations are special cases of neighbor selection and weighted aggregation. Convolution selects neighbors by spatial proximity while self-attention selects by feature similarity, revealing that they lie on a continuous spectrum rather than representing categorically different computations. We introduce Convolutional Nearest Neighbors (ConvNN), a unified framework that formalizes this connection. ConvNN exactly recovers standard and depthwise convolution by restricting neighbor selection to normalized spatial coordinates, and exactly recovers self-attention and its sparse variants, including KVT-attention, by replacing spatial proximity with scaled dot-product similarity. Beyond these special cases, ConvNN serves as a drop-in replacement for both convolution and attention layers, enabling systematic exploration of the intermediate spectrum between local and global aggregation through configurable similarity functions, neighbor selection strategies, positional encodings, and aggregation kernels.

阅读与讨论 → 访问原文 →

04.

arXiv (quant-ph) 2026-06-16 DOI: arXiv:2605.20930

Symmetry-Induced Relaxation Comb and Strong Quantum Mpemba Effect in Long-Range XXZ Spin Chains

作者:

Zijun Wei↗Mingdi Xu↗Yefeng Song↗Yangqian Yan↗Lei Pan↗

arXiv:2605.20930v3 Announce Type: replace Abstract: Understanding how symmetry constrains dissipative relaxation in open quantum many-body systems remains a central challenge in nonequilibrium physics. Here we uncover a symmetry-filtered Liouvillian mechanism for fast relaxation in a long-range XXZ spin chain subject to dephasing noise. At the isotropic point, the Hamiltonian has global \(SU(2)\) symmetry, whereas the full Liouvillian retains only the \(U(1)\) symmetry associated with total magnetization. This interplay selects a family of spatially uniform \(U(1)\)-neutral eigenoperators with exact eigenvalues \(\lambda=-2q\). Highly symmetric initial states have spectral weight only on this family, so higher-order components decay rapidly and the \(\lambda=-2\) mode governs the long-time dynamics, producing universal \(D(t)\sim e^{-2t}\) relaxation independent of system size and interaction range. Breaking the Hamiltonian symmetry restores overlap with slow Liouvillian modes and strongly suppresses relaxation. This symmetry-filtered accessibility gives rise to a strong quantum Mpemba effect, where a state farther from the steady state relaxes faster than closer thermal states. Our results establish symmetry-filtered Liouvillian mode accessibility as a route to controlling nonequilibrium relaxation in open quantum systems.

阅读与讨论 → 访问原文 →

05.

arXiv (quant-ph) 2026-06-16 DOI: arXiv:2403.13927

Noise-induced shallow circuits and absence of barren plateaus

作者:

Antonio Anna Mele↗Armando Angrisani↗Soumik Ghosh↗Sumeet Khatri↗Jens Eisert↗Daniel Stilck Fran\c{c}a↗Yihui Quek↗

arXiv:2403.13927v3 Announce Type: replace Abstract: Motivated by realistic hardware considerations of the pre-fault-tolerant era, we comprehensively study the impact of uncorrected noise on quantum circuits. We first show that in the task of estimating observable expectation values any noise truncates most quantum circuits to effectively logarithmic depth. We then prove that quantum circuits under any non-unital noise do not exhibit barren plateaus for cost functions composed of local observables. However, by using the effective shallowness, we also design an efficient classical algorithm to estimate observable expectation values within any constant additive accuracy, with high probability over the choice of the circuit, in any circuit architecture. Taken together, our results establish that, unless we carefully engineer quantum circuits to take advantage of the noise, noisy quantum circuits are unlikely to offer an advantage over shallow ones for algorithms that output observable expectation value estimates, such as many variational quantum machine learning proposals.

阅读与讨论 → 访问原文 →

06.

arXiv (math.PR) 2026-06-19 DOI: arXiv:2606.20289

Dimension-free bounds for {R}iesz transforms on the {H}amming cube via a {B}ellman function

作者:

Komla Domelevo↗Paata Ivanisvili↗Stefanie Petermichl↗Alexander Volberg↗

arXiv:2606.20289v1 Announce Type: cross Abstract: We give a Bellman-function proof of the dimension-free estimate \[ \Big\| \vec{R} f \Big\|_{L^p(\Omega;\,\ell^2)} \lesssim (p-1) \,\|f\|_{L^p(\Omega)}, \qquad 2\le p

阅读与讨论 → 访问原文 →

07.

Nature Medicine 2026-06-22 DOI: HASH:908cd4f961a076abe60d3ff395c0babf

Long-term health risks of e-cigarettes after smoking cessation

作者:

Mahdi Sheikh↗

Real‑world evidence from a nationwide cohort suggests that using electronic cigarettes after smoking cessation may attenuate the benefits of quitting in reducing lung cancer risk and mortality; more studies are urgently needed to inform evidence-based guidance.

阅读与讨论 → 访问原文 →

08.

arXiv (CS.AI) 2026-06-17 DOI: arXiv:2606.17646

SketchXplain: Intuitive Visual Explanations of Image Classifiers with Sketches

作者:

Wencan Zhang↗Mario Michelessa↗Xuejun Zhao↗Brian Y. Lim↗

arXiv:2606.17646v1 Announce Type: cross Abstract: Saliency map visualizations explain image-based AI predictions by pointing to regions, but these are often unintuitive and semantically unclear, leaving an interpretability gap. We argue that AI explanations should be intuitive – coherent to user knowledge, yet simple and selective to accelerate interpretation. Inspired by artistic drawings, we propose SketchXplain to generate sketch-based visual explanations for intuitive image-based explainable AI (XAI). Combining techniques in saliency maps, concept-bottleneck models, and sketch optimization, SketchXplain integrates saliency to select coherent observation artifacts, concepts for knowledge coherence, cues to represent them, and abstraction for simplicity. Evaluating on face expression recognition, modeling and user studies showed that SketchXplain supported quicker interpretation with more aligned visualizations than saliency maps or simple drawings. Further evaluation on skin lesion diagnosis found that SketchXplain more coherently visualized disease symptoms, better supporting lay diagnosis. Thus, this work illustrates the value of sketches for intuitive, simple, coherent, and quick image-based XAI visualizations.

阅读与讨论 → 访问原文 →

09.

arXiv (CS.CV) 2026-06-18 DOI: arXiv:2606.18591

Bridging Creative Intent and Visual Quality: Creator-Driven Recurrent Video Generation with Agentic Feedback Loops

作者:

Denis Savytski↗Aiden Lei↗Heding Liu↗Warren Yang↗Sihan Liang↗Alexander Liu↗Zhe Zhao↗

Generative AI has made content creation increasingly accessible, but many AI-generated videos lack narrative coherence and creative direction, issues that become more substantial at longer durations. Unlike coding, where AI generation benefits from reliable feedback and techniques such as recurrent self-improvement, video generation requires subjective feedback about plot, scenes, and narrative, which naturally motivates approaches that incorporate human creative direction. We introduce CHIEF, a human-AI co-creation video generation framework that places the creator at the center of human-in-the-loop iterative video refinement, and supports them by providing automatic subjective feedback. The creator incorporates their creative direction by driving each iteration, while their revisions are incorporated by a specialized refiner agent. The feedback loop is generated by persona-conditioned multimodal LLMs that watch generated videos and produce subjective critique from the audience perspectives, providing feedback that self-evaluation alone cannot capture. To test the effectiveness of our proposed framework, we work with high school and college students with no prior filmmaking experience to create videos, from short 1-minute videos to a complete short 10-minute film with a complicated plot.

阅读与讨论 → 访问原文 →

10.

arXiv (CS.AI) 2026-06-15 DOI: arXiv:2606.14693

Learning Coordinated Preference for Multi-Objective Multi-Agent Reinforcement Learning

作者:

Pengxin Wang↗Lihao Guo↗Yi Xie↗Bo Liu↗Siyang Cao↗Jingdi Chen↗

arXiv:2606.14693v1 Announce Type: cross Abstract: Cooperative multi-objective multi-agent reinforcement learning (MOMARL) models team decision making under multiple, potentially conflicting objectives. In this setting, conflicts arise not only across objectives but also across agents with different observations, roles, and contributions. We propose Preference Coordinated Multi-agent Policy Optimization (PCMA), which learns coordinated agent-specific preferences to enable complementary trade-offs among agents. Theoretically, we formulate cooperative MOMARL as a team-optimal game and show that, under suitable conditions, preference diversity can induce team improvement through a first-order improvement decomposition. Experiments on multiple cooperative MOMA environments and a practical traffic-control scenario show that PCMA improves both performance and trade-off coordination.

阅读与讨论 → 访问原文 →

11.

arXiv (CS.LG) 2026-06-17 DOI: arXiv:2606.09770

Discovering Functionally Selective Brain Regions with a Deep Topographic Multimodal Model

作者:

Badr AlKhamissi↗Johannes Mehrer↗Lara Marinov↗Ahmed Abdelaal↗Abdulkadir Gokce↗Martin Schrimpf↗

arXiv:2606.09770v2 Announce Type: replace-cross Abstract: Nearby neurons in cortex share similar response profiles, producing systematic spatial organization across sensory and cognitive systems. Recent topographic models reproduce aspects of this structure but remain unimodal and spatially constrain each layer separately, yielding fragmented maps that capture neither the contiguity of cortical processing streams nor their integration across modalities. We introduce Topo-Omni, a topographic multimodal model in which visual, auditory, and language/cognitive processing share a single contiguous in-silico sheet. Built by fine-tuning a pretrained foundation model with a spatial smoothness objective, this architecture develops clusters across modalities that are consistent with human neuroimaging, from sensory to cognitive systems. Driving or suppressing a cluster selectively biases or impairs perception, paralleling human intervention studies. Finally, we use our model to screen for novel clusters in-silico and discover new natural landscape and animal networks which we validate in human data. A single spatial principle thus organizes representations across modalities and processing stages, yielding testable hypotheses about cortical organization.

阅读与讨论 → 访问原文 →

12.

arXiv (quant-ph) 2026-06-15 DOI: arXiv:2508.03506

Conditional squeezing induced by a two-level system: arbitrary-time Magnus coefficients in the quantum Rabi model

作者:

Phoenix M. M. Paing↗Daniel F. V. James↗

arXiv:2508.03506v5 Announce Type: replace Abstract: We present a systematic Magnus expansion treatment of the quantum Rabi model beyond the Rotating Wave Approximation. We show that at the second order of Magnus series, the second-order evolution operator contains a term that induces conditional squeezing of the field mode depending on the state of the atom, in addition to the energy shifts. We analyze the scaling behavior of the conditional squeezing coefficient for $^{87}\mathrm{Rb}$ $5^2S_{1/2}\rightarrow5^2P_{1/2}$ transition line and show that the slow envelope of the squeezing coefficient is maximized at half-detuning cycles, and that it scales with $\frac{4g^2}{\omega_0|\Delta|}$. We also show that the quadrature squeezing angle suggests a possible route towards quantum non-demolition readouts, while further investigation is required for a full first-order suppression. We then connect our work to the well-studied AC-Stark shift and Bloch-Siegert shift using the effective Hamiltonian theory. Finally, we show how the energy shifts and the conditional squeezing arise, as a whole $\mathrm{SU}(1,1)$ algebra, and how they can be disentangled as individual unitary evolutions.

阅读与讨论 → 访问原文 →

13.

arXiv (quant-ph) 2026-06-15 DOI: arXiv:2511.19302

Quantitative and Optimal Device-Independent Lower Bounds on Detection Efficiency

作者:

Arkaprabha Ghosal↗Soumyadip Patra↗Peter Bierhorst↗

arXiv:2511.19302v2 Announce Type: replace Abstract: This paper examines a quantitative and optimal lower bound on the detector efficiency in a (2,2,2) Bell experiment within a fully device-independent framework, whereby the detectors used in the experiment are uncharacterized. We provide a tight lower bound on the minimum efficiency required to observe a desired Bell-CHSH violation using the Navascués-Pironio-Acín (NPA) hierarchy, confirming tightness up to four decimal places with numerical optimization over explicit quantum realizations. We then introduce the effect of dark counts and demonstrate how to quantify the minimum required efficiency to observe a desired CHSH violation with an increasing dark count error. Finally, to obtain an analytical closed-form expression of the minimum efficiency, we consider the set of no-signaling behaviors that satisfy the Tsirelson bound, which are easier to characterize than the quantum set. Using such behaviors, we find a simple closed-form expression for a lower bound on the minimum efficiency which is monotonically increasing with the CHSH violation, though the analytically obtained lower bounds are meaningfully below the numerically tight lower bound.

阅读与讨论 → 访问原文 →

14.

arXiv (quant-ph) 2026-06-12 DOI: arXiv:2402.08060

Information gain and measurement disturbance for quantum agents

作者:

Arthur O. T. Pang↗Noah Lupu-Gladstein↗Y. Batuhan Yilmaz↗C. Pria Dobney↗Rui Jie Tang↗Aharon Brodutch↗Aephraim M. Steinberg↗

arXiv:2402.08060v3 Announce Type: replace Abstract: The traditional formalism of quantum measurement (hereafter ``TQM'') describes processes where some properties of quantum states are extracted and stored as classical information. While TQM is a natural and appropriate description of how humans interact with quantum systems, it is silent on the question of how a more general, quantum, agent would do so. How do we describe the observation of a system by an observer with the ability to store not only classical information but quantum states in its memory? In this paper, we extend the idea of measurement to a more general class of sensors for quantum agents which interact with a system in such a way that the agent's memory stores information (classical or quantum) about the system under study. For appropriate sensory interactions, the quantum agent may ``learn'' more about the system than would be possible under any set of classical measurements – but as we show, this comes at the cost of additional measurement disturbance. We experimentally demonstrate such a system and characterize the tradeoffs by considering the channel capacity required to erase the effect of a measurement.

阅读与讨论 → 访问原文 →

15.

arXiv (CS.CV) 2026-06-15 DOI: arXiv:2606.13929

Self-Evolving Visual Questioner

作者:

Yijun Liang↗Hengguang Zhou↗Ming Li↗Lichen Li↗Cho-Jui Hsieh↗Tianyi Zhou↗

Vision-language models (VLMs) are typically trained as passive answerers, while their ability to actively ask diverse, non-trivial, visual-centric and grounded questions remains underexplored. Existing visual questioners' performance is bottlenecked by the availability of high-quality training data or the cost of curating them. We show that a VLM can continuously improve itself as a visual questioner without any external supervision. We propose a self-evolving framework that uses a VLM itself as both a proposer and a filter to produce harder, more informative, and visual-centric questions, while maintaining their exploration diversity to avoid training collapse. These questions are then used to train the VLM in both questioner and answerer modes. To evaluate the questioner, we introduce an agentic protocol that assesses questions along perception, reasoning, and diversity dimensions. Experiments across various backbone VLMs show that our method substantially enhances the quality and substantially expands the difficulty boundary of autonomous question generation. Under the same budget, our self-supervision is more effective than training on the static source data. Moreover, the self-evolving questioner remains a competitive or even better answerer.

阅读与讨论 → 访问原文 →

16.

medRxiv (Medicine) 2026-06-15 DOI: HASH:47c3695064431fca562ca38cb4da52c6

Entity-Aware Generation of Synthetic Clinical Progress Notes for Prostate Cancer using Large Language Model

作者:

Rey-Blanes↗Veredas-Morente↗Moreno-Barea↗F. J↗Veredas↗

Objectives: This study investigates large language models (LLMs) for clinical entity projection across substantial textual transformation. Specifically, we evaluate whether entities annotated in Spanish prostate cancer case reports can be preserved and explicitly projected when the source narratives are transformed into hospital-style clinical progress notes. Entity projection is treated as a generation-driven task, allowing paraphrase, condensation and narrative reorganisation, providing that clinically relevant entities remain recoverable as structured annotations. Methods: A corpus of 109 Spanish prostate cancer case reports was annotated using a silver-standard pipeline combining Spanish biomedical named-entity recognition with rule-based prostate-specific antigen (PSA) and Gleason extractors. The resulting silver-standard annotations were validated on a subset of generated notes against a gold-standard consensus produced by medical experts in prostate cancer. Four LLMs were evaluated for note generation and entity projection: GPT-5.4 Nano, Qwen 3.5:35B-A3B, GLM5 and Claude Sonnet 4.6. Entity-to-Entity (E2E) generation used XML-annotated cases as RAG-supported input, whereas Text-to-Entity (T2E) generation required models to generate and annotate notes directly from plain text cases. Zero-shot and few-shot prompting were tested. Projection quality was measured using precision, recall and F1-score, and complemented by LLM-as-a-judge evaluation using Kimi K2.6. Results: E2E consistently outperformed T2E, indicating that explicit entity-enriched in- put substantially facilitates entity preservation and localisation. GLM5 achieved the best E2E zero-shot result (F1 = 0.915), followed by Claude Sonnet 4.6 (F1 = 0.896). In T2E, few-shot prompting improved performance, with Claude Sonnet 4.6 reaching the highest score (F1 =0.718). Age, Gleason, Disease, Procedure, Duration and negation-related entities were robustly projected, whereas PSA and Dose showed less stable behaviour. Conclusion: LLMs can generate clinically plausible synthetic prostate cancer evolution notes while preserving a substantial proportion of source entities, particularly when explicit semantic annotations are provided as input. However, the lower and more variable performance observed in T2E highlights the difficulty of jointly generating clinical narratives and projecting entities without source-side information, especially for numerical and measure-related entities.

阅读与讨论 → 访问原文 →

17.

arXiv (CS.LG) 2026-06-16 DOI: arXiv:2606.16073

Stop the Sampler! Classifier-Based Adaptive Stopping for Sampling Kernels

作者:

Kirill Korolev↗Nikita Morozov↗Stepan Pavlenko↗Esmeralda S. Whitammer↗Sergey Samsonov↗

arXiv:2606.16073v1 Announce Type: new Abstract: Sampling from complex, unnormalized probability densities is a fundamental challenge in Bayesian inference and probabilistic modeling. While Markov chain Monte Carlo (MCMC) methods provide asymptotic guarantees, they often suffer from slow mixing and high computational costs due to fixed or manually tuned trajectory lengths. In this work, we propose a novel framework that treats trajectory termination as a learnable component of the sampling dynamics. By framing MCMC within the theory of non-acyclic generative flow networks (GFlowNets), we train state-dependent neural classifiers to decide when a trajectory has reached a high-density region and should terminate. We theoretically establish the connection between optimal classifiers and the target density via detailed balance conditions and introduce a multilevel training scheme to facilitate exploration in complex geometries. Experimental results across various benchmark densities demonstrate that our approach significantly reduces average trajectory lengths while improving mode coverage and mixing compared to standard MCMC baselines.

阅读与讨论 → 访问原文 →

18.

arXiv (quant-ph) 2026-06-19 DOI: arXiv:2606.19657

$K$-Theoretic Obstructions to Linearizing QCA Representations

作者:

Mattie Ji↗Bowen Yang↗

arXiv:2606.19657v1 Announce Type: cross Abstract: Projective representations arise naturally in physics and representation theory, and determining whether they can be linearized has been a fundamental problem. In this work, we study the analogous problem for quantum cellular automata (QCA) representations, which incorporate locality constraints imposed by a metric space $X$. Over an arbitrary field $\mathbb{F}$, we develop an obstruction theory for the linearization of QCA representations, using the algebraic $K$-theory spectrum of QCA constructed in previous work of the authors. The resulting obstructions are governed by the homotopy type of the QCA spaces, from which we extract universal obstruction classes to linearization. In the complex algebraic and unitary case, we also fully compute the homotopy types of the QCA spaces over a point, a line, and a plane.

阅读与讨论 → 访问原文 →

19.

arXiv (CS.LG) 2026-06-12 DOI: arXiv:2606.13626

Generative Modeling of Bach-Style Symbolic Music: A Comparative Study of Autoregressive, Latent-Variable, and Adversarial Approaches

作者:

Kyuil Lee↗Dezhi Yu↗Yongkang Huang↗

arXiv:2606.13626v1 Announce Type: cross Abstract: We study generative modeling of Bach-style symbolic piano music using a shared MIDI corpus and three model families: autoregressive LSTMs with attention, latent-variable models including recurrent VAEs and vector-quantized VAEs, and generative adversarial networks. We compare their ability to model polyphonic note sequences, learn useful latent representations, and generate stylistically coherent compositions. Our experiments show that the autoregressive LSTM with attention produces the most musically coherent samples, while vector quantization helps mitigate posterior collapse and yields more structured outputs than conventional recurrent VAEs. The adversarial approach captures local pitch patterns but remains difficult to train and generalizes less reliably to Bach's style. These results highlight the relative strengths and failure modes of autoregressive, latent-variable, and adversarial approaches for symbolic music generation.

阅读与讨论 → 访问原文 →

20.

arXiv (CS.CV) 2026-06-11 DOI: arXiv:2601.03326

Higher order PCA-like rotation-invariant features for detailed shape descriptors modulo rotation

作者:

Jarek Duda↗

PCA can be used for rotation invariant features, describing a shape with its $p_{ab}=E[(x_i-E[x_a])(x_b-E[x_b])]$ covariance matrix approximating shape by ellipsoid, allowing for rotation invariants like its traces of powers. However, real shapes are usually much more complicated, hence there is proposed its extension to e.g. $p_{abc}=E[(x_a-E[x_a])(x_b-E[x_b])(x_c-E[x_c])]$ order-3 or higher tensors describing central moments, or polynomial times Gaussian allowing decodable shape descriptors of arbitrarily high accuracy, and their analogous rotation invariants. Its practical applications could be rotation-invariant features to include shape modulo rotation e.g. for molecular shape descriptors, or for up to rotation object recognition in 2D images/3D scans maybe also for 3D scene understanding, or shape similarity metric allowing inexpensive comparison of objects modulo rotation avoiding costly optimization over rotations.

阅读与讨论 → 访问原文 →

21.

arXiv (CS.AI) 2026-06-16 DOI: arXiv:2606.10456

The Distributed Detectability Band Against Marginal-Preserving Attacks

作者:

Zhang Qinqin↗Gao Yuze↗

arXiv:2606.10456v2 Announce Type: replace-cross Abstract: AI-control monitors score individual agent actions to detect misbehavior, but real harm can be distributed across many benign-looking steps, each individually below any per-step alarm. We construct a marginal-preserving, correlation-encoded distributed-sabotage attack using a Gaussian-copula AR(1) construction: the per-step monitor-score marginal is held exactly equal to benign, so mean, max, top-k tail, and threshold monitors (Monitor A) are defeated by construction, while harm is encoded in the temporal correlation structure. We sequence the paper around three reviewer-mandated gates. (1) Realizability gate: the stealthy attack achieves KS-distance to benign of 0.013 (effectively zero) at all tested harm levels up to 3.0, confirming that harm is fully decoupled from the per-step marginal and realizability is not harm-limited. (2) Monitor-A-vs-B reconciliation: we show formally that the attack, built against Monitor A's score marginal, remains marginal-preserving under a different-score Monitor B (the correlation/sequence family: CUSUM, SPRT, HMM-LR, runs test, autocorrelation, windowed logistic), and scope worst-case claims to score functions that admit a temporal signature. (3) Non-empty detectability band: Monitor A achieves AUC 0.52 (chance); Monitor B spans AUC 0.79-0.97 at the same 1% FPR target, and as harm is amortized over more steps Monitor A collapses to chance while Monitor B holds at AUC ~0.95. These results demonstrate a non-empty detectability band and characterize the sub-threshold sabotage frontier: distribution-shape monitors fail by construction; temporal-correlation monitors can detect but are not trivially optimal.

阅读与讨论 → 访问原文 →

22.

arXiv (CS.LG) 2026-06-18 DOI: arXiv:2606.18933

Zero-Shot Active Feature Acquisition via LLM-Elicitation

作者:

Binyamin Perets↗Natalie Mendelson↗Shiran Vainberg↗Yehuda Chowers↗Shai Shen-Orr↗Shie Mannor↗

arXiv:2606.18933v1 Announce Type: new Abstract: Active feature acquisition (AFA) sequentially selects which features to observe to reach a classification or ranking decision. Its central limitation is reliance on large amount of labeled data to fit probabilistic models guiding acquisition. Large language models (LLMs) supply unsupervised domain knowledge, but are poor sequential planners. Asking one to both know and decide conflates capabilities best kept separate. Here, we develop a framework for zero-shot AFA through disciplined elicitation: asking the LLM only for what it can be trusted to return, the unary deviations and pairwise co-variations that are the sufficient statistics of a Markov random field (MRF). We apply our framework to two settings: binary classification and top-$k$ identification. In practice, the LLM reliably returns only discriminative statistics, what distinguishes the classes rather than each class in isolation, which precludes classical AFA. We apply a maximum-entropy closure that resolves this gauge ambiguity. We evaluate on a cohort of Inflammatory Bowel Disease (IBD) patients, an active clinical setting where diagnostic ambiguity and patient heterogeneity obstruct stable treatment strategies. Our framework outperforms the LLM both on real labels and on its own extracted beliefs. Where it matters most, on the hardest patients, our top-$k$ acquisition policy markedly outperforms all existing methods.

阅读与讨论 → 访问原文 →

23.

arXiv (CS.AI) 2026-06-16 DOI: arXiv:2605.26595

Cordyceps: Covert Control Attacks on LLMs via Data Poisoning

作者:

Zedian Shao↗Charles Fleming↗Teodora Baluta↗

arXiv:2605.26595v2 Announce Type: replace-cross Abstract: Large language models (LLMs) are often fine-tuned on uncurated text datasets that adversaries can poison. Existing poisoning attacks primarily rely on fixed trigger phrases that defenses such as outlier detection, clean-data regularization, or online monitoring can neutralize. In this paper, we propose a data poisoning method that teaches an LLM an information hiding scheme reliably and stealthily through semantic associations between shared knowledge such as facts or concepts and attacker-chosen phrases. The induced hiding scheme can encode and decode arbitrary malicious instructions, thus revealing a new and subtle poisoning-induced vulnerability: covert control attacks. We precisely characterize covert control attacks and evaluate them across $5$ LLMs, $3$ backdoor defenses, and $4$ prompt injection defenses. With a small poisoned fraction, covert control attacks outperform heuristic-based prompt injection attacks in average attack success rate by about $40\%$ relative to clean fine-tuned models. They also circumvent defenses based on detection and fine-tuning, maintaining up to $93\%$ attack success rate after backdoor defenses and up to $98\%$ after prompt injection defenses.

阅读与讨论 → 访问原文 →

24.

arXiv (CS.AI) 2026-06-12 DOI: arXiv:2606.12620

HybridCodeAuthorship: A Benchmark Dataset for Line-Level Code Authorship Detection

作者:

Luke Patterson↗Li Wang↗Adam Faulkner↗

arXiv:2606.12620v1 Announce Type: cross Abstract: Thanks to the rapid adoption of AI code assistants powered by large language models (LLMs), industry codebases are, increasingly, a hybrid of AI- and human-authored code. For risk management and productivity analysis purposes, it is crucial to enable fine-grained location detection of AI-generated code. To develop algorithms for this task, quality benchmarks are needed to assess performance. However, existing benchmarks tend to comprise academic, LeetCode-style problems and presume a code snippet is either completely human-authored or completely AI-authored, which is not reflective of the diverse intents and styles of industry codebases utilizing AI code assistants. To fill these gaps, we introduce HybridCodeAuthorship, a novel benchmark of Python code files with interleaved human- and AI-authored lines of code to simulate authentic utilization of AI code assistants. In this paper, we first present our dataset construction pipeline, which leverages CodeSearchNet, a massive collection of links to open sourced repositories on GitHub. We then benchmark the performance of two state-of-the-art AI-generated code detection algorithms at both the line- and chunk-level. Experimental results demonstrate that HybridCodeAuthorship is a challenging benchmark with a top-scoring algorithm, AIGCode Detector, obtaining a highest F1 score of 0.48 and 0.56 on chunk-level and line-level code detection tasks, respectively.

阅读与讨论 → 访问原文 →

25.

arXiv (CS.AI) 2026-06-19 DOI: arXiv:2606.05833

Learning Geometric Representations from Videos for Spatial Intelligent Multimodal Large Language Models

作者:

Haibo Wang↗Lifu Huang↗

arXiv:2606.05833v2 Announce Type: replace-cross Abstract: Multimodal Large Language Models (MLLMs) excel at 2D semantic understanding but lack intrinsic 3D awareness, resulting in representations that fail to maintain geometric and spatial consistency across video frames. Given the scarcity of large-scale 3D data, we present GeoVR, a novel framework that learns geometric representations using purely 2D video sequences. This approach effectively restructures the semantic latent space within MLLMs to unlock spatial intelligence. Rather than employing superficial feature mixing, GeoVR reshapes the internal representations of the MLLM by distilling geometry knowledge from pre-trained 3D foundation models. This is accomplished through a multi-objective learning strategy driven by four complementary geometric targets: (1) estimating inter-frame camera poses to embed varying viewpoint dynamics, (2) regressing dense depth maps to anchor physical distances, (3) predicting a metric scale factor for real-world calibration, and (4) distilling multi-scale 3D features to align the intermediate feature space. Guided by these explicit physical and geometric constraints, the model's internal representations naturally develop strong 3D awareness. Extensive experiments on spatial reasoning benchmarks demonstrate that GeoVR achieves state-of-the-art performance, establishing a new paradigm for endowing foundation models with spatial intelligence.

阅读与讨论 → 访问原文 →