Title:
【SIST】Misleading Large Language Models used (or misused) in Scientific Peer-Reviewing via Hidden Prompt-Injection Attacks
Speaker:
Giovanni Apruzzese
Start Time:
2026-05-20 10:00
End Time:
Place:
Room 1C502, School of Information Science and Technology
Organizer:
School of Information Science and Technology
Co-organizer:
Brief Introduction:
Large Language Models (LLMs) have revolutionized many aspects of our society. Many tasks, such as document summarization or autonomous content generation, can now benefit from the capabilities of LLMs. Among these, a domain in which LLMs are receiving increasing attention is scientific peer reviewing. Yet, LLMs must be used in this context with due care: they have certain blind spots which, if exploited, can lead to detrimental effects for the human requesting the service of an LLM.
In this talk, I will outline the reasons why the author of a scientific paper may want to mislead an LLM tasked with reviewing a given paper. Based on these reasons, I will then explain ways in which one can reach this goal via "hidden prompt injections". Finally, I will discuss the results of a large-scale systematic analysis in which we studied the impact of prompt-injection attacks against commercial LLMs (e.g., ChatGPT, Gemini). In doing so, I will also outline potential countermeasures, as well as counter-countermeasures. The takeaway is that blind reliance on LLMs for peer-review duties is strongly discouraged, and human oversight is still necessary.
Bio of speaker: Giovanni Apruzzese is an Assistant Professor at the University of Reykjavik (Iceland) and the University of Liechtenstein. His research focuses on cybersecurity and trustworthy AI, with particular interests in adversarial machine learning, phishing and intrusion detection, network security, and the security implications of large language models (LLMs). His recent work also explores human-centered security and the misuse of AI systems in real-world applications.
He is the General Chair of IEEE SaTML '27 and an Associate Editor for ACM T-AI-SAP. He serves as the Vice PC Co-chair for USENIX Security '26 and PC Co-chair for AISec '26. Additionally, he is an Area Chair for NeurIPS '26 and a PC member for IEEE S&P, USENIX Security, AsiaCCS, and ACSAC.
His research is published in venues such as USENIX Security, WWW, ESORICS, and IEEE EuroS&P. He received the AISec 2025 Best Paper Award and Outstanding Reviewer honors from IEEE SaTML and ACSAC.

