ARXIV:2603.12023 · ADVERSARIAL AI SECURITY · SUBMITTED 02 APR · 02:30 UTC · FRESHNESS STALE

VerifiedSource: PDF linkedPartialPaperPack: 3 of 4 citation fields filledMissingMissing fields: authorsPartialProof: unverified proof status

Cascade: Composing Software-Hardware Attack Gadgets for Adversarial Threat Amplification in Compound AI Systems

arXiv

A framework for understanding and exploiting vulnerabilities in compound AI systems through novel attack strategies.

Blocked on Code›Score4.0Evidence unverified

Opportunity summary

Pain A framework for understanding and exploiting vulnerabilities in compound AI systems through novel attack strategies.

Evidence 0 refs | 0 sources | 17% coverage

Blocker Evidence unverified

Open Build Read PDF Signal Canvas Track

PROBLEM

A framework for understanding and exploiting vulnerabilities in compound AI systems through novel attack strategies. Compound AI systems are constructed on a layered traditional software stack running on a distributed hardware infrastructure.

METHOD

Full abstract

Rapid progress in generative AI has given rise to Compound AI systems - pipelines comprised of multiple large language models (LLM), software tools and database systems. Compound AI systems are constructed on a layered traditional software stack running on a distributed hardware infrastructure. Many of the diverse software components are vulnerable to traditional security flaws documented in the Common Vulnerabilities and Exposures (CVE) database, while the underlying distributed hardware infrastructure remains exposed to timing attacks, bit-flip faults, and power-based side channels. Today, research targets LLM-specific risks like model extraction, training data leakage, and unsafe generation -- overlooking the impact of traditional system vulnerabilities. This work investigates how traditional software and hardware vulnerabilities can complement LLM-specific algorithmic attacks to compromise the integrity of a compound AI pipeline. We demonstrate two novel attacks that combine system-level vulnerabilities with algorithmic weaknesses: (1) Exploiting a software code injection flaw along with a guardrail Rowhammer attack to inject an unaltered jailbreak prompt into an LLM, resulting in an AI safety violation, and (2) Manipulating a knowledge database to redirect an LLM agent to transmit sensitive user data to a malicious application, thus breaching confidentiality. These attacks highlight the need to address traditional vulnerabilities; we systematize the attack primitives and analyze their composition by grouping vulnerabilities by their objective and mapping them to distinct stages of an attack lifecycle. This approach enables a rigorous red-teaming exercise and lays the groundwork for future defense strategies.

RESULT

ScienceToStartup currently rates this 4.0/10 on the public viability pass. We demonstrate two novel attacks that combine system-level vulnerabilities with algorithmic weaknesses: (1) Exploiting a software code injection flaw along with a guardrail Rowhammer…

WHY NOW

Adversarial AI Security moved forward this cycle; last verified April 2026. Public score 4.0/10.

Continue into Read for claims, analysis, references, and neighboring papers.

Opportunity summary

Score4.0

PainA framework for understanding and exploiting vulnerabilities in compound AI systems through novel attack strategies.

Evidence0 refs | 0 sources | 17% coverage

Blockermissing authors

Analysis summary

A framework for understanding and exploiting vulnerabilities in compound AI systems through novel attack strategies.

VerifiedSource: PDF linkedPartialPaperPack: 3 of 4 citation fields filledMissingMissing fields: authorsPartialProof: unverified proof status

ARXIV:2603.12023 · ADVERSARIAL AI SECURITY · SUBMITTED 02 APR · 02:30 UTC · FRESHNESS STALE

VerifiedSource: PDF linkedPartialPaperPack: 3 of 4 citation fields filledMissingMissing fields: authorsPartialProof: unverified proof status

Cascade: Composing Software-Hardware Attack Gadgets for Adversarial Threat Amplification in Compound AI Systems

arXiv

A framework for understanding and exploiting vulnerabilities in compound AI systems through novel attack strategies.

Blocked on Code›Score4.0Evidence unverified

Opportunity summary

Pain A framework for understanding and exploiting vulnerabilities in compound AI systems through novel attack strategies.

Evidence 0 refs | 0 sources | 17% coverage

Blocker Evidence unverified

Open Build Read PDF Signal Canvas Track

PROBLEM

METHOD

Full abstract

RESULT

WHY NOW

Adversarial AI Security moved forward this cycle; last verified April 2026. Public score 4.0/10.

Continue into Read for claims, analysis, references, and neighboring papers.

Opportunity summary

Score4.0

PainA framework for understanding and exploiting vulnerabilities in compound AI systems through novel attack strategies.

Evidence0 refs | 0 sources | 17% coverage

Blockermissing authors

Analysis summary

A framework for understanding and exploiting vulnerabilities in compound AI systems through novel attack strategies.

VerifiedSource: PDF linkedPartialPaperPack: 3 of 4 citation fields filledMissingMissing fields: authorsPartialProof: unverified proof status

Paper Pack

10.48550/arXiv.2603.12023

Cascade: Composing Software-Hardware Attack Gadgets for Adversarial Threat Amplification in Compound AI Systems

A framework for understanding and exploiting vulnerabilities in compound AI systems through novel attack strategies.

Abstract

Source availability

PDF linked

The paper record includes a public PDF URL.

Extraction status

Derived fallback

Read summaries are estimated from adjacent metadata, not verified extraction rows.

Proof status

unverified

0 refs; 0 sources; 17% coverage.

What was readable

linkedon filenot materializedderived fallback37 indexednot indexed

Derived fallback: Estimated from adjacent evidence; not verified from source.

Viability

4.0

Time to MVP

MVP estimate missing

Commercial

No commercial flags on file

Export

Preparing verified analysis

lens / founder

PROBLEM

METHOD

RESULT

WHY NOW

Adversarial AI Security moved forward this cycle; last verified April 2026. Public score 4.0/10.

Claim map

Abstract-backed public claims while anchored extraction refreshes.

Strong 0Mixed 0Weak 4

Evidencepartial
A framework for understanding and exploiting vulnerabilities in compound AI systems through novel attack strategies. Compound AI systems are constructed on a layered traditional software stack running on a distributed hardware infrastructure.
Implicationpartial
Abstract-backed fallback claim; anchored extraction has not materialized a public claim row yet.
Verificationpartial
partial
Evidencepartial
Rapid progress in generative AI has given rise to Compound AI systems - pipelines comprised of multiple large language models (LLM), software tools and database systems. Compound AI systems are constructed on a layered traditional software stack running on a distributed hardware infrastructure.
Implicationpartial
Abstract-backed fallback claim; anchored extraction has not materialized a public claim row yet.
Verificationpartial
partial
Evidencepartial
ScienceToStartup currently rates this 4.0/10 on the public viability pass. We demonstrate two novel attacks that combine system-level vulnerabilities with algorithmic weaknesses: (1) Exploiting a software code injection flaw along with a guardrail Rowhammer attack to inject an unaltered jailbreak prompt into an LLM, resulting in an AI safety violation, and (2) Manipulating a knowledge database to redirect an LLM agent to transmit sensitive user data to a malicious application, thus breaching confidentiality.
Implicationpartial
Abstract-backed fallback claim; anchored extraction has not materialized a public claim row yet.
Verificationpartial
partial
Evidencepartial
Adversarial AI Security moved forward this cycle; last verified April 2026. Public score 4.0/10.
Implicationpartial
Abstract-backed fallback claim; anchored extraction has not materialized a public claim row yet.
Verificationpartial
partial

Constellation map

Paper-native neighborhood for concepts, methods, materials, markets, and competitors. Missing lanes stay labeled instead of disappearing behind commercialization gates.

Open full Signal Canvas

Concepts

not indexed

Methods

Materials

PDF linked

Markets

Adversarial AI Security

Competitors

not indexed

Competitive landscape

A framework for understanding and exploiting vulnerabilities in compound AI systems through novel attack strategies.

Segment

Adversarial AI Security

Adoption evidence

No public code link in the paper record yet

Commercial read

4.0/10 public viability

Direct

not classified

Adjacent

not classified

Substitute

not classified

Unknown

not classified

Buzz

No indexed public discussion is attached to 2603.12023 yet. That is a visibility signal, not a blank module: the monitor is watching the public channels below.

Hacker News

Not indexed yet

Bluesky

Not indexed yet

PDF

Preview the source document here, or use the hero PDF action for a new tab.

References(37)

Lessons From Red Teaming 100 Generative AI Products

2025Blake Bullwinkel, Amanda Minnich et al.

Rowhammer-Based Trojan Injection: One Bit Flip Is Sufficient for Backdooring DNNs

2025Xiang Li, Ying Meng et al.

ConfusedPilot: Confused Deputy Risks in RAG-based LLMs

2024Ayush RoyChowdhury, Mulong Luo et al.

Everywhere All at Once: Co-Location Attacks on Public Cloud FaaS

2024Zirui Neil Zhao, Adam Morrison et al.

Defending Large Language Models against Jailbreak Attacks via Semantic Smoothing

2024Jiabao Ji, Bairu Hou et al.

PoisonedRAG: Knowledge Corruption Attacks to Retrieval-Augmented Generation of Large Language Models

2024Wei Zou, Runpeng Geng et al.

SoK: Memorization in General-Purpose Large Language Models

2023Valentin Hartmann, Anshuman Suri et al.

NeMo Guardrails: A Toolkit for Controllable and Safe LLM Applications with Programmable Rails

2023Traian Rebedea, R. Dinu et al.

SmoothLLM: Defending Large Language Models Against Jailbreaking Attacks

2023Alexander Robey, Eric Wong et al.

AutoDAN: Generating Stealthy Jailbreak Prompts on Aligned Large Language Models

2023Xiaogeng Liu, Nan Xu et al.

Defending Against Alignment-Breaking Attacks via Robustly Aligned LLM

2023Bochuan Cao, Yu Cao et al.

Baseline Defenses for Adversarial Attacks Against Aligned Language Models

2023Neel Jain, Avi Schwarzschild et al.

Detecting Language Model Attacks with Perplexity

2023Gabriel Alon, Michael Kamfonas

"Do Anything Now": Characterizing and Evaluating In-The-Wild Jailbreak Prompts on Large Language Models

2023Xinyue Shen, Zeyuan Chen et al.

Universal and Transferable Adversarial Attacks on Aligned Language Models

2023Andy Zou, Zifan Wang et al.

Fault Injection for TensorFlow Applications

2023Niranjhana Narayanan, Zitao Chen et al.

Int-Monitor: a model triggered hardware trojan in deep learning accelerators

2022Peng Li, Rui Hou

GitHub Copilot

2022Brayan Stiven Torrres Ovalle

Invisible Probe: Timing Attacks with PCIe Congestion Side-channel

2021Mingtian Tan, Junpeng Wan et al.

PyTorch

2021S. Sagar Imambi, K. Prakash et al.

Showing 20 of 37 references

CITED BY

No citing papers are indexed in the public S2S graph yet. This is an explicit zero-signal state, not a hidden lookup.

Foundation

none indexed

Extension

Builds On ThisThe Persistent Vulnerability of Aligned AI Systems

3.0

Builds On ThisContext-Fractured Decomposition Attacks on Tool-Using LLM Agents: Exploiting Artifact Provenance Gaps

0.0

Commercially relevant

Higher ViabilityAutomatically Attacking Software Reverse Engineering AI Agents

8.0

Higher ViabilityLAAF: Logic-layer Automated Attack Framework A Systematic Red-Teaming Methodology for LPCI Vulnerabilities in Agentic Large Language Model Systems

7.0

Higher ViabilitySynergistic Directed Execution and LLM-Driven Analysis for Zero-Day AI-Generated Malware Detection

9.0

Higher ViabilityThe Salami Slicing Threat: Exploiting Cumulative Risks in LLM Systems

8.0

Higher ViabilityBreaking MCP with Function Hijacking Attacks: Novel Threats for Function Calling and Agentic Models

7.0

Higher ViabilityMOSAIC-Bench: Measuring Compositional Vulnerability Induction in Coding Agents

7.0

Higher ViabilitySupply-Chain Poisoning Attacks Against LLM Coding Agent Skill Ecosystems

5.0

Higher ViabilityThe Promptware Kill Chain: How Prompt Injections Gradually Evolved Into a Multi-Step Malware

5.0

Conflicting

none indexed

Owned Distribution

Subscribe to the weekly brief

Get the weekly shortlist of commercializable papers, benchmark movers, and proof receipts that matter for product execution.

Agent drawer

5 surfaces preserved for agents. Humans can ignore.

Developer contracts, payload previews, evidence maps, and run controls stay here instead of the Read, Build, and Track workspace.

Run context

Paper: 2603.12023
Route: /paper/cascade-composing-software-hardware-attack-gadgets-for-adversarial-threat-amplification-in-compound-ai-systems
Active tab: read
Artifact: cascade-composing-software-hardware-attack-gadgets-for-adversarial-threat-amplification-in-compound-ai-systems

Available agents

Read extractor
Build planner
Track monitor
Competitive mapper
Related-paper scout

API/MCP endpoints

REST paper pack API/api/v1/paper/cascade-composing-software-hardware-attack-gadgets-for-adversarial-threat-amplification-in-compound-ai-systems/paper-pack
REST build passport API/api/v1/paper/cascade-composing-software-hardware-attack-gadgets-for-adversarial-threat-amplification-in-compound-ai-systems/build-passport
REST OpenAPI/api/openapi.json
MCP descriptor/api/mcp
MCP resourcesciencetostartup://surfaces/paper-workspace

Tool contracts

paper_packbuild_passportopportunity_kernelforesightsource_proofevidence_state

Payload preview

Inspect payload

{
  "contract_version": "paper-r2",
  "paper_id": "d9bd5d61-369e-4ae1-a8a1-49768351cdb6",
  "arxiv_id": "2603.12023",
  "canonical_route": "/paper/cascade-composing-software-hardware-attack-gadgets-for-adversarial-threat-amplification-in-compound-ai-systems",
  "active_tab": "synced from current hash by the drawer client",
  "selected_artifact": "cascade-composing-software-hardware-attack-gadgets-for-adversarial-threat-amplification-in-compound-ai-systems",
  "endpoints": {
    "paper_pack": "/api/v1/paper/cascade-composing-software-hardware-attack-gadgets-for-adversarial-threat-amplification-in-compound-ai-systems/paper-pack",
    "build_passport": "/api/v1/paper/cascade-composing-software-hardware-attack-gadgets-for-adversarial-threat-amplification-in-compound-ai-systems/build-passport",
    "mcp_resource": "sciencetostartup://surfaces/paper-workspace"
  }
}

Schema validation

paper-r2 contract: present
JSON-LD twin: SSR emitted
OpenAPI path parity: /api/openapi.json
MCP resource parity: paper-workspace

Job trace

queued: drawer opened by user action
running: inspect or copy payload
succeeded: payload available in SSR
failed: route errors appear in evidence cards

Evidence map

sources used: page freshness, source proof anchors, JSON-LD
missing sources: exposed by PaperPack and EvidenceState chips
derived fallbacks: marked unverified before handoff

Page Freshness

Canonical route, proof status, last verified, refs, sources, and coverage.

Page Freshness

Paper proof surface

Canonical route: /paper/cascade-composing-software-hardware-attack-gadgets-for-adversarial-threat-amplification-in-compound-ai-systems

stale

Proof freshness: stale
Proof status: unverified
Display score: 4/10
Last proof check: 2026-04-02
Score updated: 2026-04-02
Score fresh until: 2026-05-02
References: 0
Source count: 0
Coverage: 17%

This page is showing the last landed evidence receipt and score bundle because the latest proof data is outside the freshness window.

OpenAlex: pending — this preprint is not yet indexed by OpenAlex.

Agent Handoff

Endpoint list, payload shape, route context, and copyable handoff data.

Agent Handoff

Cascade: Composing Software-Hardware Attack Gadgets for Adversarial Threat Amplification in Compound AI Systems

Canonical ID cascade-composing-software-hardware-attack-gadgets-for-adversarial-threat-amplification-in-compound-ai-systems | Route /paper/cascade-composing-software-hardware-attack-gadgets-for-adversarial-threat-amplification-in-compound-ai-systems

REST example

curl https://sciencetostartup.com/api/v1/agent-handoff/paper/cascade-composing-software-hardware-attack-gadgets-for-adversarial-threat-amplification-in-compound-ai-systems

MCP example

{
  "tool": "get_paper",
  "arguments": {
    "arxiv_id": "2603.12023"
  }
}

source_context

{
  "surface": "paper",
  "mode": "paper",
  "query": "Cascade: Composing Software-Hardware Attack Gadgets for Adversarial Threat Amplification in Compound AI Systems",
  "normalized_query": "2603.12023",
  "route": "/paper/cascade-composing-software-hardware-attack-gadgets-for-adversarial-threat-amplification-in-compound-ai-systems",
  "paper_ref": "cascade-composing-software-hardware-attack-gadgets-for-adversarial-threat-amplification-in-compound-ai-systems",
  "topic_slug": null,
  "benchmark_ref": null,
  "dataset_ref": null
}

Buildability Receipt

Verdict, compute envelope, blockers, signature state, and receipt links.

Paper proof page receipt window

Not build-ready: Cascade: Composing Software-Hardware Attack Gadgets for Adversarial Threat Amplification in Compound AI Systems

/buildability/cascade-composing-software-hardware-attack-gadgets-for-adversarial-threat-amplification-in-compound-ai-systems

Ignoreblocked

Subject: Cascade: Composing Software-Hardware Attack Gadgets for Adversarial Threat Amplification in Compound AI Systems

Verdict

Ignore

Verdict is Ignore because current viability and proof state do not clear the buildability gate.

Time to first demo

Insufficient data

No first-demo timestamp, owner estimate, or elapsed demo receipt is attached to this surface.

Compute envelope

Structured compute envelope

Insufficient data

No data, compute, hardware, memory, latency, dependency, or serving requirement receipt is attached.

Evidence ids

Receipt path

/buildability/cascade-composing-software-hardware-attack-gadgets-for-adversarial-threat-amplification-in-compound-ai-systems

Paper ref

cascade-composing-software-hardware-attack-gadgets-for-adversarial-threat-amplification-in-compound-ai-systems

arXiv id

2603.12023

Freshness

Generated at

2026-04-02T02:30:40.136Z

Evidence freshness

stale

Last verification

2026-04-02T02:30:40.136Z

Sources

References

Coverage

17%

Hash state

Lineage hash

deefeed0f2eb938765610807a856830b3a0a883ac1ea2b434f9e16b2468cf739

Canonical opportunity-kernel lineage hash.

Signature state

External signature

unsigned_external

No founder, registry, pilot, or production-adoption signature is attached to this receipt.

Verification

not_verified

Verification is blocked until an external signature is provided.

Blockers

Missing: repo_url
Missing: references
Missing: proof_status
Missing: distribution_readiness_scores
Missing: paper_extraction_scorecards
Unknown: distribution readiness has not been computed yet
Unknown: proof verification has not been recorded yet

Verification pending / evidence receipt incomplete

repo_url

references

Missing proof, requirement, signature, approval, adoption, or telemetry fields are blockers and must not be inferred.

Open receipt API receipt Build Loop Signal Canvas Proof divergence Divergence API Brier outcomes API

Source Proof anchors

Visual citations from the paper document graph.

JSON-LD twin

The application/ld+json payload rendered for agents.

{
  "@context": "https://schema.org",
  "@graph": [
    {
      "@type": "WebPage",
      "@id": "https://sciencetostartup.com/paper/cascade-composing-software-hardware-attack-gadgets-for-adversarial-threat-amplification-in-compound-ai-systems#webpage",
      "url": "https://sciencetostartup.com/paper/cascade-composing-software-hardware-attack-gadgets-for-adversarial-threat-amplification-in-compound-ai-systems",
      "name": "Cascade: Composing Software-Hardware Attack Gadgets for Adversarial Threat Amplification in Compound AI Systems",
      "description": "A framework for understanding and exploiting vulnerabilities in compound AI systems through novel attack strategies.",
      "isPartOf": {
        "@id": "https://sciencetostartup.com/#website"
      }
    },
    {
      "@type": "ScholarlyArticle",
      "@id": "https://sciencetostartup.com/paper/cascade-composing-software-hardware-attack-gadgets-for-adversarial-threat-amplification-in-compound-ai-systems#scholarlyArticle",
      "headline": "Cascade: Composing Software-Hardware Attack Gadgets for Adversarial Threat Amplification in Compound AI Systems",
      "description": "A framework for understanding and exploiting vulnerabilities in compound AI systems through novel attack strategies.",
      "url": "https://sciencetostartup.com/paper/cascade-composing-software-hardware-attack-gadgets-for-adversarial-threat-amplification-in-compound-ai-systems",
      "sameAs": "https://arxiv.org/abs/2603.12023",
      "identifier": {
        "@type": "PropertyValue",
        "propertyID": "arXiv",
        "value": "2603.12023"
      },
      "isAccessibleForFree": true,
      "isPartOf": {
        "@id": "https://sciencetostartup.com/#website"
      },
      "datePublished": "2026-03-12T15:03:51.000Z",
      "citation": [
        {
          "@type": "ScholarlyArticle",
          "identifier": {
            "@type": "PropertyValue",
            "propertyID": "SemanticScholar",
            "value": "165c70171847d0e8b283f93e71c01a2e4d253714"
          },
          "url": "https://www.semanticscholar.org/paper/165c70171847d0e8b283f93e71c01a2e4d253714"
        },
        {
          "@type": "ScholarlyArticle",
          "identifier": {
            "@type": "PropertyValue",
            "propertyID": "SemanticScholar",
            "value": "9716eff749e27faf90abb1b7c88728e23ed35032"
          },
          "url": "https://www.semanticscholar.org/paper/9716eff749e27faf90abb1b7c88728e23ed35032"
        },
        {
          "@type": "ScholarlyArticle",
          "identifier": {
            "@type": "PropertyValue",
            "propertyID": "SemanticScholar",
            "value": "8da790cdc3636544e050a2079980308bf64d8822"
          },
          "url": "https://www.semanticscholar.org/paper/8da790cdc3636544e050a2079980308bf64d8822"
        },
        {
          "@type": "ScholarlyArticle",
          "identifier": {
            "@type": "PropertyValue",
            "propertyID": "SemanticScholar",
            "value": "1f9f25aad947030fe3206114fa2ac75e8b590515"
          },
          "url": "https://www.semanticscholar.org/paper/1f9f25aad947030fe3206114fa2ac75e8b590515"
        },
        {
          "@type": "ScholarlyArticle",
          "identifier": {
            "@type": "PropertyValue",
            "propertyID": "SemanticScholar",
            "value": "f4e06256ab07727ff4e0465deea83fcf45012354"
          },
          "url": "https://www.semanticscholar.org/paper/f4e06256ab07727ff4e0465deea83fcf45012354"
        },
        {
          "@type": "ScholarlyArticle",
          "identifier": {
            "@type": "PropertyValue",
            "propertyID": "SemanticScholar",
            "value": "795b3d3341c7c93daf316a59794f67a6c1c230f1"
          },
          "url": "https://www.semanticscholar.org/paper/795b3d3341c7c93daf316a59794f67a6c1c230f1"
        },
        {
          "@type": "ScholarlyArticle",
          "identifier": {
            "@type": "PropertyValue",
            "propertyID": "SemanticScholar",
            "value": "b428e9e0e8ac36b3ae29a7ab9b9554c39cedb283"
          },
          "url": "https://www.semanticscholar.org/paper/b428e9e0e8ac36b3ae29a7ab9b9554c39cedb283"
        },
        {
          "@type": "ScholarlyArticle",
          "identifier": {
            "@type": "PropertyValue",
            "propertyID": "SemanticScholar",
            "value": "8cf9b49698fdb1b754df2556576412a7b44929f6"
          },
          "url": "https://www.semanticscholar.org/paper/8cf9b49698fdb1b754df2556576412a7b44929f6"
        },
        {
          "@type": "ScholarlyArticle",
          "identifier": {
            "@type": "PropertyValue",
            "propertyID": "SemanticScholar",
            "value": "f3f23f7f9f5369aade19f20bc5d028cce7b9c9aa"
          },
          "url": "https://www.semanticscholar.org/paper/f3f23f7f9f5369aade19f20bc5d028cce7b9c9aa"
        },
        {
          "@type": "ScholarlyArticle",
          "identifier": {
            "@type": "PropertyValue",
            "propertyID": "SemanticScholar",
            "value": "cd29c25c489562b409a60f83365f93f33ee1a0a1"
          },
          "url": "https://www.semanticscholar.org/paper/cd29c25c489562b409a60f83365f93f33ee1a0a1"
        },
        {
          "@type": "ScholarlyArticle",
          "identifier": {
            "@type": "PropertyValue",
            "propertyID": "SemanticScholar",
            "value": "3e30a7ac4886b28eb50151f58e14a1d698cccd0e"
          },
          "url": "https://www.semanticscholar.org/paper/3e30a7ac4886b28eb50151f58e14a1d698cccd0e"
        },
        {
          "@type": "ScholarlyArticle",
          "identifier": {
            "@type": "PropertyValue",
            "propertyID": "SemanticScholar",
            "value": "b8b8d5655df1c6a71bbb713387863e34cc055332"
          },
          "url": "https://www.semanticscholar.org/paper/b8b8d5655df1c6a71bbb713387863e34cc055332"
        },
        {
          "@type": "ScholarlyArticle",
          "identifier": {
            "@type": "PropertyValue",
            "propertyID": "SemanticScholar",
            "value": "1104d766527dead44a40532e8a89444d9cef5c65"
          },
          "url": "https://www.semanticscholar.org/paper/1104d766527dead44a40532e8a89444d9cef5c65"
        },
        {
          "@type": "ScholarlyArticle",
          "identifier": {
            "@type": "PropertyValue",
            "propertyID": "SemanticScholar",
            "value": "47030369e97cc44d4b2e3cf1be85da0fd134904a"
          },
          "url": "https://www.semanticscholar.org/paper/47030369e97cc44d4b2e3cf1be85da0fd134904a"
        },
        {
          "@type": "ScholarlyArticle",
          "identifier": {
            "@type": "PropertyValue",
            "propertyID": "SemanticScholar",
            "value": "5aed6c11eefb007cc48b3ce303b4a5072c752daf"
          },
          "url": "https://www.semanticscholar.org/paper/5aed6c11eefb007cc48b3ce303b4a5072c752daf"
        },
        {
          "@type": "ScholarlyArticle",
          "identifier": {
            "@type": "PropertyValue",
            "propertyID": "SemanticScholar",
            "value": "a0c9b4cd718fffeaf2fb3601b562c4e0b8e72d0c"
          },
          "url": "https://www.semanticscholar.org/paper/a0c9b4cd718fffeaf2fb3601b562c4e0b8e72d0c"
        },
        {
          "@type": "ScholarlyArticle",
          "identifier": {
            "@type": "PropertyValue",
            "propertyID": "SemanticScholar",
            "value": "47312082088702b1d6e7497f3ec6a3349505e142"
          },
          "url": "https://www.semanticscholar.org/paper/47312082088702b1d6e7497f3ec6a3349505e142"
        },
        {
          "@type": "ScholarlyArticle",
          "identifier": {
            "@type": "PropertyValue",
            "propertyID": "SemanticScholar",
            "value": "55791f97a6ad3cf4173fa2d0900aeed3022e2bbb"
          },
          "url": "https://www.semanticscholar.org/paper/55791f97a6ad3cf4173fa2d0900aeed3022e2bbb"
        },
        {
          "@type": "ScholarlyArticle",
          "identifier": {
            "@type": "PropertyValue",
            "propertyID": "SemanticScholar",
            "value": "1cd7ef8618331c1ec63d7e84e503e99231fb74e6"
          },
          "url": "https://www.semanticscholar.org/paper/1cd7ef8618331c1ec63d7e84e503e99231fb74e6"
        },
        {
          "@type": "ScholarlyArticle",
          "identifier": {
            "@type": "PropertyValue",
            "propertyID": "SemanticScholar",
            "value": "f89ab2047073348c84edf86893fc8c37a82cd67f"
          },
          "url": "https://www.semanticscholar.org/paper/f89ab2047073348c84edf86893fc8c37a82cd67f"
        }
      ],
      "additionalProperty": [
        {
          "@type": "PropertyValue",
          "propertyID": "viabilityScore",
          "value": 4
        },
        {
          "@type": "PropertyValue",
          "propertyID": "researchDomain",
          "value": "Adversarial AI Security"
        }
      ]
    },
    {
      "@type": "BreadcrumbList",
      "itemListElement": [
        {
          "@type": "ListItem",
          "position": 1,
          "name": "Home",
          "item": "https://sciencetostartup.com"
        },
        {
          "@type": "ListItem",
          "position": 2,
          "name": "Adversarial AI Security",
          "item": "https://sciencetostartup.com/topics"
        },
        {
          "@type": "ListItem",
          "position": 3,
          "name": "Cascade: Composing Software-Hardware Attack Gadgets for Adve",
          "item": "https://sciencetostartup.com/paper/cascade-composing-software-hardware-attack-gadgets-for-adversarial-threat-amplification-in-compound-ai-systems"
        }
      ]
    }
  ]
}

Cascade: Composing Software-Hardware Attack Gadgets for Adversarial Threat Amplification in Compound AI Systems

Cascade: Composing Software-Hardware Attack Gadgets for Adversarial Threat Amplification in Compound AI Systems

Claim map

Constellation map

Competitive landscape

Buzz

PDF

References(37)

Related Papers

Subscribe to the weekly brief

Build artifacts

Brief

Experiment plan

Validation checklist

Scientific founder

Translational engineer

Domain operator

GTM lead

Regulatory/clinical advisor

Timeline

Claim map

Constellation map

Competitive landscape

Buzz

PDF

References(37)

Related Papers

Subscribe to the weekly brief

Build artifacts

Brief

Experiment plan

Validation checklist

Scientific founder

Translational engineer

Domain operator

GTM lead

Regulatory/clinical advisor

Timeline