{"id":"https://openalex.org/W7135189360","doi":"https://doi.org/10.48550/arxiv.2603.12023","title":"Cascade: Composing Software-Hardware Attack Gadgets for Adversarial Threat Amplification in Compound AI Systems","display_name":"Cascade: Composing Software-Hardware Attack Gadgets for Adversarial Threat Amplification in Compound AI Systems","publication_year":2026,"publication_date":"2026-03-12","ids":{"openalex":"https://openalex.org/W7135189360","doi":"https://doi.org/10.48550/arxiv.2603.12023"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2603.12023","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.12023","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2603.12023","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5032763421","display_name":"Sarbartha Banerjee","orcid":"https://orcid.org/0009-0006-9704-932X"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Banerjee, Sarbartha","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5091812853","display_name":"Prateek Sahu","orcid":"https://orcid.org/0009-0000-5569-5856"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Sahu, Prateek","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5070365933","display_name":"Anjo Vahldiek-Oberwagner","orcid":"https://orcid.org/0000-0002-6983-0630"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Vahldiek-Oberwagner, Anjo","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5128964393","display_name":"Jose Sanchez Vicarte","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Vicarte, Jose Sanchez","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5128991316","display_name":"Mohit Tiwari","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Tiwari, Mohit","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":5,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.7900000214576721,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.7900000214576721,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.12349999696016312,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.030300000682473183,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.6373999714851379},{"id":"https://openalex.org/keywords/threat-model","display_name":"Threat model","score":0.5415999889373779},{"id":"https://openalex.org/keywords/attack-surface","display_name":"Attack surface","score":0.45890000462532043},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.44359999895095825},{"id":"https://openalex.org/keywords/security-bug","display_name":"Security bug","score":0.421099990606308},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.4075999855995178},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.40709999203681946},{"id":"https://openalex.org/keywords/construct","display_name":"Construct (python library)","score":0.39750000834465027},{"id":"https://openalex.org/keywords/complement","display_name":"Complement (music)","score":0.3903000056743622},{"id":"https://openalex.org/keywords/component","display_name":"Component (thermodynamics)","score":0.3725000023841858}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7213000059127808},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6758999824523926},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.6373999714851379},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.5415999889373779},{"id":"https://openalex.org/C2776576444","wikidata":"https://www.wikidata.org/wiki/Q303569","display_name":"Attack surface","level":2,"score":0.45890000462532043},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.44359999895095825},{"id":"https://openalex.org/C131275738","wikidata":"https://www.wikidata.org/wiki/Q7445023","display_name":"Security bug","level":5,"score":0.421099990606308},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.4075999855995178},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.40709999203681946},{"id":"https://openalex.org/C2780801425","wikidata":"https://www.wikidata.org/wiki/Q5164392","display_name":"Construct (python library)","level":2,"score":0.39750000834465027},{"id":"https://openalex.org/C112313634","wikidata":"https://www.wikidata.org/wiki/Q7886648","display_name":"Complement (music)","level":5,"score":0.3903000056743622},{"id":"https://openalex.org/C168167062","wikidata":"https://www.wikidata.org/wiki/Q1117970","display_name":"Component (thermodynamics)","level":2,"score":0.3725000023841858},{"id":"https://openalex.org/C149091818","wikidata":"https://www.wikidata.org/wiki/Q2429814","display_name":"Software system","level":3,"score":0.3653999865055084},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.3601999878883362},{"id":"https://openalex.org/C174683762","wikidata":"https://www.wikidata.org/wiki/Q609588","display_name":"Component-based software engineering","level":4,"score":0.3434000015258789},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.33559998869895935},{"id":"https://openalex.org/C2779639559","wikidata":"https://www.wikidata.org/wiki/Q7661178","display_name":"Symbolic execution","level":3,"score":0.323199987411499},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.3102000057697296},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.30959999561309814},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.3084999918937683},{"id":"https://openalex.org/C1009929","wikidata":"https://www.wikidata.org/wiki/Q179550","display_name":"Software bug","level":3,"score":0.303600013256073},{"id":"https://openalex.org/C65856478","wikidata":"https://www.wikidata.org/wiki/Q3991682","display_name":"Attack model","level":2,"score":0.3021000027656555},{"id":"https://openalex.org/C113843644","wikidata":"https://www.wikidata.org/wiki/Q901882","display_name":"Interface (matter)","level":4,"score":0.3003999888896942},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.2946000099182129},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.2766000032424927},{"id":"https://openalex.org/C43521106","wikidata":"https://www.wikidata.org/wiki/Q2165493","display_name":"Pipeline (software)","level":2,"score":0.267300009727478},{"id":"https://openalex.org/C2780741293","wikidata":"https://www.wikidata.org/wiki/Q4818019","display_name":"Attack patterns","level":3,"score":0.26600000262260437},{"id":"https://openalex.org/C49289754","wikidata":"https://www.wikidata.org/wiki/Q2267081","display_name":"Side channel attack","level":3,"score":0.26109999418258667},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.25949999690055847},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.2590999901294708},{"id":"https://openalex.org/C86844869","wikidata":"https://www.wikidata.org/wiki/Q2798820","display_name":"Hacker","level":2,"score":0.25189998745918274}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2603.12023","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.12023","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2603.12023","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.12023","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[{"score":0.5762311816215515,"display_name":"Industry, innovation and infrastructure","id":"https://metadata.un.org/sdg/9"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Rapid":[0],"progress":[1],"in":[2,56,161],"generative":[3],"AI":[4,10,27,124,163],"has":[5],"given":[6],"rise":[7],"to":[8,51,72,117,151,172,177,182,194,216],"Compound":[9,26],"systems":[11,28],"-":[12],"pipelines":[13],"comprised":[14],"of":[15,44,99,121,219],"multiple":[16],"large":[17],"language":[18],"models":[19],"(LLM),":[20],"software":[21,35,47,108,141],"tools":[22],"and":[23,60,77,92,109,166,203,213,230],"database":[24,171],"systems.":[25],"are":[29,49],"constructed":[30],"on":[31,38],"a":[32,39,122,140,147,169,183,226],"layered":[33],"traditional":[34,52,100,107,196],"stack":[36],"running":[37],"distributed":[40,67],"hardware":[41,68,110],"infrastructure.":[42],"Many":[43],"the":[45,57,65,97,119,192,200,232],"diverse":[46],"components":[48],"vulnerable":[50],"security":[53],"flaws":[54],"documented":[55],"Common":[58],"Vulnerabilities":[59],"Exposures":[61],"(CVE)":[62],"database,":[63],"while":[64],"underlying":[66],"infrastructure":[69],"remains":[70],"exposed":[71],"timing":[73],"attacks,":[74],"bit-flip":[75],"faults,":[76],"power-based":[78],"side":[79],"channels.":[80],"Today,":[81],"research":[82],"targets":[83],"LLM-specific":[84,114],"risks":[85],"like":[86],"model":[87],"extraction,":[88],"training":[89],"data":[90,181],"leakage,":[91],"unsafe":[93],"generation":[94],"--":[95],"overlooking":[96],"impact":[98],"system":[101],"vulnerabilities.":[102],"This":[103,223],"work":[104],"investigates":[105],"how":[106],"vulnerabilities":[111,134,209],"can":[112],"complement":[113],"algorithmic":[115,136],"attacks":[116,130,190],"compromise":[118],"integrity":[120],"compound":[123],"pipeline.":[125],"We":[126],"demonstrate":[127],"two":[128],"novel":[129],"that":[131],"combine":[132],"system-level":[133],"with":[135,146],"weaknesses:":[137],"(1)":[138],"Exploiting":[139],"code":[142],"injection":[143],"flaw":[144],"along":[145],"guardrail":[148],"Rowhammer":[149],"attack":[150,201,221],"inject":[152],"an":[153,158,162,174,220],"unaltered":[154],"jailbreak":[155],"prompt":[156],"into":[157],"LLM,":[159],"resulting":[160],"safety":[164],"violation,":[165],"(2)":[167],"Manipulating":[168],"knowledge":[170],"redirect":[173],"LLM":[175],"agent":[176],"transmit":[178],"sensitive":[179],"user":[180],"malicious":[184],"application,":[185],"thus":[186],"breaching":[187],"confidentiality.":[188],"These":[189],"highlight":[191],"need":[193],"address":[195],"vulnerabilities;":[197],"we":[198],"systematize":[199],"primitives":[202],"analyze":[204],"their":[205,211],"composition":[206],"by":[207,210],"grouping":[208],"objective":[212],"mapping":[214],"them":[215],"distinct":[217],"stages":[218],"lifecycle.":[222],"approach":[224],"enables":[225],"rigorous":[227],"red-teaming":[228],"exercise":[229],"lays":[231],"groundwork":[233],"for":[234],"future":[235],"defense":[236],"strategies.":[237]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2026-03-14T00:00:00"}