{"id":"https://openalex.org/W7116849604","doi":"https://doi.org/10.48550/arxiv.2512.17146","title":"Biosecurity-Aware AI: Agentic Risk Auditing of Soft Prompt Attacks on ESM-Based Variant Predictors","display_name":"Biosecurity-Aware AI: Agentic Risk Auditing of Soft Prompt Attacks on ESM-Based Variant Predictors","publication_year":2025,"publication_date":"2025-12-19","ids":{"openalex":"https://openalex.org/W7116849604","doi":"https://doi.org/10.48550/arxiv.2512.17146"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2512.17146","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2512.17146","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2512.17146","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5075369864","display_name":"Huixin Zhan","orcid":"https://orcid.org/0000-0001-8926-1941"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Zhan, Huixin","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":1,"corresponding_author_ids":["https://openalex.org/A5075369864"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11642","display_name":"Genomics and Rare Diseases","score":0.4542999863624573,"subfield":{"id":"https://openalex.org/subfields/1311","display_name":"Genetics"},"field":{"id":"https://openalex.org/fields/13","display_name":"Biochemistry, Genetics and Molecular Biology"},"domain":{"id":"https://openalex.org/domains/1","display_name":"Life Sciences"}},"topics":[{"id":"https://openalex.org/T11642","display_name":"Genomics and Rare Diseases","score":0.4542999863624573,"subfield":{"id":"https://openalex.org/subfields/1311","display_name":"Genetics"},"field":{"id":"https://openalex.org/fields/13","display_name":"Biochemistry, Genetics and Molecular Biology"},"domain":{"id":"https://openalex.org/domains/1","display_name":"Life Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.13770000636577606,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12026","display_name":"Explainable Artificial Intelligence (XAI)","score":0.03310000151395798,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/audit","display_name":"Audit","score":0.7378000020980835},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.7269999980926514},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.6643999814987183},{"id":"https://openalex.org/keywords/risk-assessment","display_name":"Risk assessment","score":0.4691999852657318},{"id":"https://openalex.org/keywords/foundation","display_name":"Foundation (evidence)","score":0.41780000925064087},{"id":"https://openalex.org/keywords/narrative","display_name":"Narrative","score":0.35600000619888306}],"concepts":[{"id":"https://openalex.org/C199521495","wikidata":"https://www.wikidata.org/wiki/Q181487","display_name":"Audit","level":2,"score":0.7378000020980835},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.7269999980926514},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.6643999814987183},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.617900013923645},{"id":"https://openalex.org/C12174686","wikidata":"https://www.wikidata.org/wiki/Q1058438","display_name":"Risk assessment","level":2,"score":0.4691999852657318},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.4478999972343445},{"id":"https://openalex.org/C2780966255","wikidata":"https://www.wikidata.org/wiki/Q5474306","display_name":"Foundation (evidence)","level":2,"score":0.41780000925064087},{"id":"https://openalex.org/C199033989","wikidata":"https://www.wikidata.org/wiki/Q1318295","display_name":"Narrative","level":2,"score":0.35600000619888306},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.35600000619888306},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.3544999957084656},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3499000072479248},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3465000092983246},{"id":"https://openalex.org/C32896092","wikidata":"https://www.wikidata.org/wiki/Q189447","display_name":"Risk management","level":2,"score":0.3264000117778778},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.30230000615119934},{"id":"https://openalex.org/C59577422","wikidata":"https://www.wikidata.org/wiki/Q10265143","display_name":"False accusation","level":2,"score":0.29120001196861267},{"id":"https://openalex.org/C3020000205","wikidata":"https://www.wikidata.org/wiki/Q2412849","display_name":"Narrative review","level":2,"score":0.26489999890327454},{"id":"https://openalex.org/C153180980","wikidata":"https://www.wikidata.org/wiki/Q19776675","display_name":"Commit","level":2,"score":0.25200000405311584}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2512.17146","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2512.17146","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2512.17146","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2512.17146","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[{"score":0.5412656664848328,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Genomic":[0,38],"Foundation":[1],"Models":[2],"(GFMs),":[3],"such":[4,75,149],"as":[5,76,150],"Evolutionary":[6],"Scale":[7],"Modeling":[8],"(ESM),":[9],"have":[10],"demonstrated":[11],"remarkable":[12],"success":[13],"in":[14,122,134,145],"variant":[15,152],"effect":[16],"prediction.":[17],"However,":[18],"their":[19],"security":[20],"and":[21,56,78,80,130],"robustness":[22,98],"under":[23],"adversarial":[24,47],"manipulation":[25],"remain":[26],"largely":[27],"unexplored.":[28],"To":[29],"address":[30],"this":[31],"gap,":[32],"we":[33,106],"introduce":[34],"the":[35,46,101,139],"Secure":[36],"Agentic":[37],"Evaluator":[39],"(SAGE),":[40],"an":[41,54],"agentic":[42,91,142],"framework":[43],"for":[44],"auditing":[45,59,144],"vulnerabilities":[48,133],"of":[49,96,141],"GFMs.":[50],"SAGE":[51],"functions":[52],"through":[53],"interpretable":[55],"automated":[57],"risk":[58,73,143],"loop.":[60],"It":[61],"injects":[62],"soft":[63,118],"prompt":[64,119],"perturbations,":[65],"monitors":[66],"model":[67],"behavior":[68],"across":[69],"training":[70],"checkpoints,":[71],"computes":[72],"metrics":[74],"AUROC":[77],"AUPR,":[79],"generates":[81],"structured":[82],"reports":[83],"with":[84],"large":[85],"language":[86],"model-based":[87],"narrative":[88],"explanations.":[89],"This":[90],"process":[92],"enables":[93],"continuous":[94],"evaluation":[95],"embedding-space":[97],"without":[99],"modifying":[100],"underlying":[102],"model.":[103],"Using":[104],"SAGE,":[105],"find":[107],"that":[108],"even":[109],"state-of-the-art":[110],"GFMs":[111],"like":[112],"ESM2":[113],"are":[114],"sensitive":[115],"to":[116],"targeted":[117],"attacks,":[120],"resulting":[121],"measurable":[123],"performance":[124],"degradation.":[125],"These":[126],"findings":[127],"reveal":[128],"critical":[129],"previously":[131],"hidden":[132],"genomic":[135],"foundation":[136],"models,":[137],"showing":[138],"importance":[140],"securing":[146],"biomedical":[147],"applications":[148],"clinical":[151],"interpretation.":[153]},"counts_by_year":[],"updated_date":"2025-12-23T23:15:37.779995","created_date":"2025-12-23T00:00:00"}