{"id":"https://openalex.org/W7131414857","doi":"https://doi.org/10.48550/arxiv.2602.19450","title":"Red-Teaming Claude Opus and ChatGPT-based Security Advisors for Trusted Execution Environments","display_name":"Red-Teaming Claude Opus and ChatGPT-based Security Advisors for Trusted Execution Environments","publication_year":2026,"publication_date":"2026-02-23","ids":{"openalex":"https://openalex.org/W7131414857","doi":"https://doi.org/10.48550/arxiv.2602.19450"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2602.19450","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2602.19450","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2602.19450","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5011906094","display_name":"Kunal Mukherjee","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Mukherjee, Kunal","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":1,"corresponding_author_ids":["https://openalex.org/A5011906094"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.8748999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.8748999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.05490000173449516,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.007300000172108412,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.5198000073432922},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.5163999795913696},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5056999921798706},{"id":"https://openalex.org/keywords/architecture","display_name":"Architecture","score":0.484499990940094},{"id":"https://openalex.org/keywords/threat-model","display_name":"Threat model","score":0.4717000126838684},{"id":"https://openalex.org/keywords/suite","display_name":"Suite","score":0.4083999991416931},{"id":"https://openalex.org/keywords/trusted-computing","display_name":"Trusted Computing","score":0.3815000057220459},{"id":"https://openalex.org/keywords/hallucinating","display_name":"Hallucinating","score":0.37610000371932983},{"id":"https://openalex.org/keywords/workflow","display_name":"Workflow","score":0.3668000102043152}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8007000088691711},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6568999886512756},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.5198000073432922},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.5163999795913696},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5056999921798706},{"id":"https://openalex.org/C123657996","wikidata":"https://www.wikidata.org/wiki/Q12271","display_name":"Architecture","level":2,"score":0.484499990940094},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.4717000126838684},{"id":"https://openalex.org/C79581498","wikidata":"https://www.wikidata.org/wiki/Q1367530","display_name":"Suite","level":2,"score":0.4083999991416931},{"id":"https://openalex.org/C2776831232","wikidata":"https://www.wikidata.org/wiki/Q966812","display_name":"Trusted Computing","level":2,"score":0.3815000057220459},{"id":"https://openalex.org/C2911011789","wikidata":"https://www.wikidata.org/wiki/Q130741","display_name":"Hallucinating","level":2,"score":0.37610000371932983},{"id":"https://openalex.org/C177212765","wikidata":"https://www.wikidata.org/wiki/Q627335","display_name":"Workflow","level":2,"score":0.3668000102043152},{"id":"https://openalex.org/C154908896","wikidata":"https://www.wikidata.org/wiki/Q2167404","display_name":"Security policy","level":2,"score":0.36039999127388},{"id":"https://openalex.org/C111640148","wikidata":"https://www.wikidata.org/wiki/Q847349","display_name":"Rubric","level":2,"score":0.3522999882698059},{"id":"https://openalex.org/C77019957","wikidata":"https://www.wikidata.org/wiki/Q2689057","display_name":"Dependability","level":2,"score":0.34299999475479126},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.32109999656677246},{"id":"https://openalex.org/C108759981","wikidata":"https://www.wikidata.org/wiki/Q788590","display_name":"Authorization","level":2,"score":0.3188000023365021},{"id":"https://openalex.org/C165136773","wikidata":"https://www.wikidata.org/wiki/Q1363179","display_name":"Single point of failure","level":2,"score":0.3098999857902527},{"id":"https://openalex.org/C147346212","wikidata":"https://www.wikidata.org/wiki/Q5492632","display_name":"Trusted computing base","level":4,"score":0.30880001187324524},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.3082999885082245},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.2939999997615814},{"id":"https://openalex.org/C2775928411","wikidata":"https://www.wikidata.org/wiki/Q2041312","display_name":"Fault injection","level":3,"score":0.2915000021457672},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.29019999504089355},{"id":"https://openalex.org/C31139447","wikidata":"https://www.wikidata.org/wiki/Q5380386","display_name":"Enterprise information security architecture","level":2,"score":0.2865999937057495},{"id":"https://openalex.org/C72648740","wikidata":"https://www.wikidata.org/wiki/Q658476","display_name":"Public key infrastructure","level":4,"score":0.27959999442100525},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.2775000035762787},{"id":"https://openalex.org/C61272859","wikidata":"https://www.wikidata.org/wiki/Q7834031","display_name":"Transferability","level":3,"score":0.2743000090122223},{"id":"https://openalex.org/C38369872","wikidata":"https://www.wikidata.org/wiki/Q7445009","display_name":"Security analysis","level":2,"score":0.26980000734329224},{"id":"https://openalex.org/C2776576444","wikidata":"https://www.wikidata.org/wiki/Q303569","display_name":"Attack surface","level":2,"score":0.2621000111103058},{"id":"https://openalex.org/C110251889","wikidata":"https://www.wikidata.org/wiki/Q1569697","display_name":"Model checking","level":2,"score":0.25780001282691956}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2602.19450","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2602.19450","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2602.19450","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2602.19450","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Trusted":[0],"Execution":[1],"Environments":[2],"(TEEs)":[3],"(e.g.,":[4,69],"Intel":[5],"SGX":[6,140],"and":[7,29,53,73,102,110,141,145,150,159,174,193,213],"ArmTrustZone)":[8],"aim":[9],"to":[10,24,188,198],"protect":[11],"sensitive":[12],"computation":[13],"from":[14],"a":[15,58,85,120,126,135],"compromised":[16],"operating":[17],"system,":[18],"yet":[19],"real":[20],"deployments":[21],"remain":[22],"vulnerable":[23],"microarchitectural":[25],"leakage,":[26],"side-channel":[27],"attacks,":[28],"fault":[30],"injection.":[31],"In":[32],"parallel,":[33],"security":[34,45,99,132],"teams":[35],"increasingly":[36],"rely":[37],"on":[38,106],"Large":[39],"Language":[40],"Model":[41],"(LLM)":[42],"assistants":[43,62,93],"as":[44],"advisors":[46],"for":[47,130],"TEE":[48,65,98],"architecture":[49,200],"review,":[50],"mitigation":[51,152],"planning,":[52],"vulnerability":[54],"triage.":[55],"This":[56],"creates":[57],"socio-technical":[59],"risk":[60],"surface:":[61],"may":[63],"hallucinate":[64],"mechanisms,":[66],"overclaim":[67],"guarantees":[68],"what":[70],"attestation":[71,144],"does":[72,74],"not":[75,183],"establish),":[76],"or":[77],"behave":[78],"unsafely":[79],"under":[80],"adversarial":[81],"prompting.":[82],"We":[83,117,177],"present":[84],"red-teaming":[86],"study":[87],"of":[88,97,112],"two":[89],"prevalently":[90],"deployed":[91],"LLM":[92,191],"in":[94],"the":[95,107],"role":[96],"advisors:":[100],"ChatGPT-5.2":[101],"Claude":[103],"Opus-4.6,":[104],"focusing":[105],"inherent":[108],"limitations":[109],"transferability":[111],"prompt-induced":[113],"failures":[114,181,221],"across":[115,190],"LLMs.":[116],"introduce":[118],"TEE-RedBench,":[119],"TEE-grounded":[121],"evaluation":[122,205],"methodology":[123],"comprising":[124],"(i)":[125],"TEE-specific":[127],"threat":[128,148],"model":[129],"LLM-mediated":[131],"work,":[133],"(ii)":[134],"structured":[136,211],"prompt":[137],"suite":[138],"spanning":[139],"TrustZone":[142],"architecture,":[143],"key":[146],"management,":[147],"modeling,":[149],"non-operational":[151],"guidance,":[153],"along":[154],"with":[155],"policy-bound":[156],"misuse":[157],"probes,":[158],"(iii)":[160],"an":[161,203],"annotation":[162],"rubric":[163],"that":[164,179],"jointly":[165],"measures":[166],"technical":[167],"correctness,":[168],"groundedness,":[169],"uncertainty":[170],"calibration,":[171],"refusal":[172],"quality,":[173],"safe":[175],"helpfulness.":[176],"find":[178],"some":[180],"are":[182],"purely":[184],"idiosyncratic,":[185],"transferring":[186],"up":[187],"12.02%":[189],"assistants,":[192],"we":[194],"connect":[195],"these":[196],"outcomes":[197],"secure":[199],"by":[201,222],"outlining":[202],"\"LLM-in-the-loop\"":[204],"pipeline:":[206],"policy":[207],"gating,":[208],"retrieval":[209],"grounding,":[210],"templates,":[212],"lightweight":[214],"verification":[215],"checks":[216],"that,":[217],"when":[218],"combined,":[219],"reduce":[220],"80.62%.":[223]},"counts_by_year":[],"updated_date":"2026-02-26T06:34:08.959763","created_date":"2026-02-26T00:00:00"}