Collection Scope
User request: collect AI security materials with a focus on papers.
This batch intentionally excludes most news/blog/vendor sources and prioritizes recent arXiv papers, especially June 2026 papers not already present in raw/ or 01_Sources/.
Saved Papers
RAG, Retrieval, Memory, And Data Leakage
- rag-security-privacy-survey-2026
- poisoned-retrieval-token-influence-2026
- privacy-preserving-rag-semantic-rewriting-2026
- llm-agent-memory-origin-bound-authority-2026
- rag-kv-cache-side-channel-2026
- rag-layered-prompt-injection-defense-2026
- ghost-vectors-hnsw-vector-database-2026
- conflict-aware-retriever-editing-rag-poisoning-2026
- runtime-memory-poisoning-certified-defense-2026
- rag-poisoning-influence-factors-2026
- rag-poisoning-chunking-reranking-2026
- document-authored-control-signal-impersonation-rag-2026
- rag-context-injection-recommendations-2026
Agent, MCP, Browser, Skill, And Runtime Security
- poisoned-playbooks-ai-security-agents-2026
- agentlens-coding-agent-safety-steering-2026
- malicious-agent-skills-attention-2026
- ipi-hidden-state-probes-computer-use-agents-2026
- relinking-compression-boundary-agents-2026
- agentriskbom-2026
- agenticos-secure-os-architecture-2026
- denylist-fragility-ai-agents-2026
- aichilles-ai-evolved-systems-2026
- trustedari-agentic-routing-infrastructure-2026
- same-origin-policy-agentic-browsers-2026
- agentcanary-security-evaluation-2026
- data-leakage-tool-using-agents-2026
Jailbreak, Red Teaming, Multimodal, And Evaluation Reliability
- jailbreak-judge-calibration-2026
- jailbreak-entropy-dynamics-2026
- realm-physical-world-vlm-red-teaming-2026
- pixjail-text-to-image-jailbreak-evaluation-2026
- prompt-injection-detector-calibration-2026
- otter-jailbreak-red-teaming-2026
- hierarchical-jailbreak-detection-long-conversations-2026
- agentic-surveillance-evasion-2026
AI For Security
- raven-agentic-rag-vulnerability-repair-2026
- honeyquest-llm-cyber-deception-2026
- code-augur-agentic-vulnerability-detection-2026
- knowledge-honeypot-model-extraction-2026
- agentcyberrange-2026
Skipped As Duplicate
- https://arxiv.org/abs/2606.20510 (Efficient and Sound Probabilistic Verification for AI Agents): already present in raw/papers/probabilistic-verification-ai-agents-2026.md and 01_Sources/.
- Papers already collected in the previous latest-source batch were not duplicated: mcp-privacy-leakage-risks-2026, gt-mcp-contextual-reasoning-2026, agent-communication-graph-metadata-2026, ss-zkr-multi-agent-routing-2026, openagenet-oan-trust-governed-resource-identity-2026, rails-agentic-commerce-clearing-2026, and agents-all-the-way-down-2026.
Recommended Ingest Order
- High-priority RAG and memory security:
  - document-authored-control-signal-impersonation-rag-2026
  - llm-agent-memory-origin-bound-authority-2026
  - runtime-memory-poisoning-certified-defense-2026
  - rag-poisoning-chunking-reranking-2026
  - poisoned-retrieval-token-influence-2026
- Agent security and realistic execution:
  - agentcanary-security-evaluation-2026
  - same-origin-policy-agentic-browsers-2026
  - data-leakage-tool-using-agents-2026
  - malicious-agent-skills-attention-2026
  - denylist-fragility-ai-agents-2026
- AI for Security research topic candidates:
  - poisoned-playbooks-ai-security-agents-2026
  - agentcyberrange-2026
  - raven-agentic-rag-vulnerability-repair-2026
  - code-augur-agentic-vulnerability-detection-2026
  - honeyquest-llm-cyber-deception-2026
- Evaluation reliability and red teaming:
  - jailbreak-judge-calibration-2026
  - prompt-injection-detector-calibration-2026
  - ipi-hidden-state-probes-computer-use-agents-2026
  - pixjail-text-to-image-jailbreak-evaluation-2026
  - realm-physical-world-vlm-red-teaming-2026
Research Areas Affected
- RAG poisoning under realistic chunking/reranking and retriever editing.
- Persistent agent memory poisoning and origin-bound authority.
- Tool-using agent data leakage and browser-agent origin isolation.
- Agent skill supply-chain detection and denylist fragility.
- Realistic cyber range evaluation of frontier AI systems.
- Jailbreak judge calibration and detector reliability under attack shift.
- AI for Security: vulnerability repair, specification inference, cyber deception, and poisoned playbooks for AI security agents.