{"id":"https://openalex.org/W7117136620","doi":"https://doi.org/10.48550/arxiv.2512.19016","title":"DREAM: Dynamic Red-teaming across Environments for AI Models","display_name":"DREAM: Dynamic Red-teaming across Environments for AI Models","publication_year":2025,"publication_date":"2025-12-22","ids":{"openalex":"https://openalex.org/W7117136620","doi":"https://doi.org/10.48550/arxiv.2512.19016"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2512.19016","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2512.19016","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2512.19016","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5121127046","display_name":"Liming Lu","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Lu, Liming","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5121227803","display_name":"Xiang Gu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Gu, Xiang","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5121202375","display_name":"Junyu Huang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Huang, Junyu","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5121163157","display_name":"Jiawei Du","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Du, Jiawei","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5121181587","display_name":"Yunhuai Liu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zheng, Xu","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5121193127","display_name":"Yongbin Zhou","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Liu, Yunhuai","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5121220181","display_name":"Shuchao Pang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhou, Yongbin","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5121220181","display_name":"Shuchao Pang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Pang, Shuchao","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5121127046"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.8835999965667725,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.8835999965667725,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12026","display_name":"Explainable Artificial Intelligence (XAI)","score":0.019500000402331352,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10883","display_name":"Ethics and Social Impacts of AI","score":0.01860000006854534,"subfield":{"id":"https://openalex.org/subfields/3311","display_name":"Safety Research"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.6273000240325928},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.4876999855041504},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.4641000032424927},{"id":"https://openalex.org/keywords/knowledge-base","display_name":"Knowledge base","score":0.4146000146865845},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.3928000032901764},{"id":"https://openalex.org/keywords/knowledge-graph","display_name":"Knowledge graph","score":0.39070001244544983}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7261000275611877},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.6273000240325928},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.4876999855041504},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.4641000032424927},{"id":"https://openalex.org/C4554734","wikidata":"https://www.wikidata.org/wiki/Q593744","display_name":"Knowledge base","level":2,"score":0.4146000146865845},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.40950000286102295},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.3928000032901764},{"id":"https://openalex.org/C2987255567","wikidata":"https://www.wikidata.org/wiki/Q33002955","display_name":"Knowledge graph","level":2,"score":0.39070001244544983},{"id":"https://openalex.org/C63882131","wikidata":"https://www.wikidata.org/wiki/Q17122954","display_name":"Strengths and weaknesses","level":2,"score":0.3831999897956848},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.3675000071525574},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.351500004529953},{"id":"https://openalex.org/C2776960227","wikidata":"https://www.wikidata.org/wiki/Q2586354","display_name":"Knowledge transfer","level":2,"score":0.32339999079704285},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3183000087738037},{"id":"https://openalex.org/C107457646","wikidata":"https://www.wikidata.org/wiki/Q207434","display_name":"Human\u2013computer interaction","level":1,"score":0.26460000872612},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.25279998779296875}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2512.19016","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2512.19016","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2512.19016","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2512.19016","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.5111827254295349,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Large":[0],"Language":[1],"Models":[2],"(LLMs)":[3],"are":[4,178],"increasingly":[5],"used":[6],"in":[7,119,144],"agentic":[8],"systems,":[9],"where":[10,149],"their":[11],"interactions":[12],"with":[13],"diverse":[14],"tools":[15],"and":[16,157,203],"environments":[17],"create":[18],"complex,":[19],"multi-stage":[20,56],"safety":[21,150,171,192],"challenges.":[22],"However,":[23],"existing":[24],"benchmarks":[25],"mostly":[26],"rely":[27],"on":[28],"static,":[29],"single-turn":[30],"assessments":[31],"that":[32,86,169,183],"miss":[33],"vulnerabilities":[34,202],"from":[35,91],"adaptive,":[36],"long-chain":[37],"attacks.":[38,57],"To":[39,189],"fill":[40],"this":[41],"gap,":[42],"we":[43,139,194],"introduce":[44],"DREAM,":[45],"a":[46,63,79,92,112,198],"framework":[47],"for":[48,124,200],"systematic":[49],"evaluation":[50,105],"of":[51,74,95,106,122,130,136],"LLM":[52,109],"agents":[53,110],"against":[54,181],"dynamic,":[55],"At":[58],"its":[59],"core,":[60],"DREAM":[61,196],"uses":[62],"Cross-Environment":[64],"Adversarial":[65],"Knowledge":[66],"Graph":[67],"(CE-AKG)":[68],"to":[69,153,160],"maintain":[70],"stateful,":[71,131],"cross-domain":[72],"understanding":[73],"vulnerabilities.":[75],"This":[76],"graph":[77],"guides":[78],"Contextualized":[80],"Guided":[81],"Policy":[82],"Search":[83],"(C-GPS)":[84],"algorithm":[85],"dynamically":[87],"constructs":[88],"attack":[89,116],"chains":[90,117],"knowledge":[93],"base":[94],"1,986":[96],"atomic":[97],"actions":[98],"across":[99,155],"349":[100],"distinct":[101],"digital":[102],"environments.":[103],"Our":[104,165],"12":[107],"leading":[108],"reveals":[111],"critical":[113],"vulnerability:":[114],"these":[115,137],"succeed":[118],"over":[120,186],"70%":[121],"cases":[123],"most":[125],"models,":[126],"showing":[127],"the":[128],"power":[129],"cross-environment":[132],"exploits.":[133],"Through":[134],"analysis":[135],"failures,":[138],"identify":[140],"two":[141],"key":[142],"weaknesses":[143],"current":[145],"agents:":[146],"contextual":[147],"fragility,":[148],"behaviors":[151],"fail":[152],"transfer":[154],"environments,":[156],"an":[158],"inability":[159],"track":[161],"long-term":[162],"malicious":[163],"intent.":[164],"findings":[166],"also":[167],"show":[168],"traditional":[170],"measures,":[172],"such":[173],"as":[174,197],"initial":[175],"defense":[176],"prompts,":[177],"largely":[179],"ineffective":[180],"attacks":[182],"build":[184],"context":[185],"multiple":[187],"interactions.":[188],"advance":[190],"agent":[191],"research,":[193],"release":[195],"tool":[199],"evaluating":[201],"developing":[204],"more":[205],"robust":[206],"defenses.":[207]},"counts_by_year":[],"updated_date":"2026-02-04T23:10:29.248076","created_date":"2025-12-24T00:00:00"}