{"id":"https://openalex.org/W7147584645","doi":"https://doi.org/10.48550/arxiv.2603.29062","title":"CivicShield: A Cross-Domain Defense-in-Depth Framework for Securing Government-Facing AI Chatbots Against Multi-Turn Adversarial Attacks","display_name":"CivicShield: A Cross-Domain Defense-in-Depth Framework for Securing Government-Facing AI Chatbots Against Multi-Turn Adversarial Attacks","publication_year":2026,"publication_date":"2026-03-30","ids":{"openalex":"https://openalex.org/W7147584645","doi":"https://doi.org/10.48550/arxiv.2603.29062"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2603.29062","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.29062","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2603.29062","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5132664069","display_name":"KrishnaSaiReddy Patil","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Patil, KrishnaSaiReddy","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":1,"corresponding_author_ids":["https://openalex.org/A5132664069"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.251800000667572,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.251800000667572,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.21950000524520874,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.12099999934434891,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.6101999878883362},{"id":"https://openalex.org/keywords/intersection","display_name":"Intersection (aeronautics)","score":0.4171000123023987},{"id":"https://openalex.org/keywords/firewall","display_name":"Firewall (physics)","score":0.3765000104904175},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.3736000061035156},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.3723999857902527},{"id":"https://openalex.org/keywords/chatbot","display_name":"Chatbot","score":0.36059999465942383},{"id":"https://openalex.org/keywords/conversation","display_name":"Conversation","score":0.3547999858856201},{"id":"https://openalex.org/keywords/state","display_name":"State (computer science)","score":0.33169999718666077}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.666700005531311},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6308000087738037},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.6101999878883362},{"id":"https://openalex.org/C64543145","wikidata":"https://www.wikidata.org/wiki/Q162942","display_name":"Intersection (aeronautics)","level":2,"score":0.4171000123023987},{"id":"https://openalex.org/C77714075","wikidata":"https://www.wikidata.org/wiki/Q5452017","display_name":"Firewall (physics)","level":5,"score":0.3765000104904175},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.3736000061035156},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.3723999857902527},{"id":"https://openalex.org/C2779041454","wikidata":"https://www.wikidata.org/wiki/Q870780","display_name":"Chatbot","level":2,"score":0.36059999465942383},{"id":"https://openalex.org/C2777200299","wikidata":"https://www.wikidata.org/wiki/Q52943","display_name":"Conversation","level":2,"score":0.3547999858856201},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.33899998664855957},{"id":"https://openalex.org/C48103436","wikidata":"https://www.wikidata.org/wiki/Q599031","display_name":"State (computer science)","level":2,"score":0.33169999718666077},{"id":"https://openalex.org/C2781045450","wikidata":"https://www.wikidata.org/wiki/Q254569","display_name":"Backdoor","level":2,"score":0.3296000063419342},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.30889999866485596},{"id":"https://openalex.org/C94124525","wikidata":"https://www.wikidata.org/wiki/Q912550","display_name":"Categorization","level":2,"score":0.3050000071525574},{"id":"https://openalex.org/C2779267917","wikidata":"https://www.wikidata.org/wiki/Q170028","display_name":"Deception","level":2,"score":0.30219998955726624},{"id":"https://openalex.org/C2778137410","wikidata":"https://www.wikidata.org/wiki/Q2732820","display_name":"Government (linguistics)","level":2,"score":0.2865999937057495},{"id":"https://openalex.org/C111219384","wikidata":"https://www.wikidata.org/wiki/Q6954384","display_name":"NIST","level":2,"score":0.28600001335144043},{"id":"https://openalex.org/C2779679337","wikidata":"https://www.wikidata.org/wiki/Q644371","display_name":"International airport","level":2,"score":0.28540000319480896},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.2847999930381775},{"id":"https://openalex.org/C2780795517","wikidata":"https://www.wikidata.org/wiki/Q6030997","display_name":"Information assurance","level":3,"score":0.2816999852657318},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.2750000059604645},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.25609999895095825},{"id":"https://openalex.org/C59577422","wikidata":"https://www.wikidata.org/wiki/Q10265143","display_name":"False accusation","level":2,"score":0.2522999942302704}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2603.29062","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.29062","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2603.29062","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.29062","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.5859353542327881}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"LLM-based":[0],"chatbots":[1],"in":[2],"government":[3,208],"services":[4],"face":[5],"critical":[6],"security":[7],"gaps.":[8],"Multi-turn":[9],"adversarial":[10],"attacks":[11],"achieve":[12],"over":[13],"90%":[14],"success":[15],"against":[16,138],"current":[17],"defenses,":[18],"and":[19,49,89,116,146,171,210],"single-layer":[20,135],"guardrails":[21],"are":[22],"bypassed":[23],"with":[24,60,71,78,155],"similar":[25],"rates.":[26],"We":[27,94],"present":[28,95],"CivicShield,":[29],"a":[30,96],"cross-domain":[31],"defense-in-depth":[32],"framework":[33,107],"for":[34],"government-facing":[35],"AI":[36,206],"chatbots.":[37],"Drawing":[38],"on":[39,177,186,191],"network":[40],"security,":[41],"formal":[42,97],"verification,":[43,88],"biological":[44],"immune":[45],"systems,":[46],"aviation":[47],"safety,":[48,207],"zero-trust":[50,58],"cryptography,":[51],"CivicShield":[52,197],"introduces":[53],"seven":[54],"defense":[55],"layers:":[56],"(1)":[57],"foundation":[59],"capability-based":[61],"access":[62],"control,":[63],"(2)":[64],"perimeter":[65],"input":[66],"validation,":[67],"(3)":[68],"semantic":[69],"firewall":[70],"intent":[72],"classification,":[73],"(4)":[74],"conversation":[75],"state":[76],"machine":[77],"safety":[79],"invariants,":[80],"(5)":[81],"behavioral":[82],"anomaly":[83],"detection,":[84],"(6)":[85],"multi-model":[86],"consensus":[87],"(7)":[90],"graduated":[91,162],"human-in-the-loop":[92],"escalation.":[93],"threat":[98],"model":[99],"covering":[100],"8":[101],"multi-turn":[102,169],"attack":[103,127],"families,":[104,115],"map":[105],"the":[106,203],"to":[108],"NIST":[109],"SP":[110],"800-53":[111],"controls":[112],"across":[113],"14":[114],"evaluate":[117],"using":[118],"ablation":[119],"analysis.":[120],"Theoretical":[121],"analysis":[122],"shows":[123],"layered":[124],"defenses":[125],"reduce":[126],"probability":[128],"by":[129],"1-2":[130],"orders":[131],"of":[132,168,205],"magnitude":[133],"versus":[134,180],"approaches.":[136],"Simulation":[137],"1,436":[139],"scenarios":[140,182],"including":[141],"HarmBench":[142],"(416),":[143],"JailbreakBench":[144],"(200),":[145],"XSTest":[147],"(450)":[148],"achieves":[149],"72.9%":[150],"combined":[151],"detection":[152,167],"[69.5-76.0%":[153],"CI]":[154],"2.9%":[156],"effective":[157],"false":[158],"positive":[159],"rate":[160],"after":[161],"response,":[163],"while":[164],"maintaining":[165],"100%":[166],"crescendo":[170],"slow-drift":[172],"attacks.":[173],"The":[174],"honest":[175],"drop":[176],"real":[178],"benchmarks":[179],"author-generated":[181],"(71.2%":[183],"vs":[184,189],"76.7%":[185],"HarmBench,":[187],"47.0%":[188],"70.0%":[190],"JailbreakBench)":[192],"validates":[193],"independent":[194],"evaluation":[195],"importance.":[196],"addresses":[198],"an":[199],"open":[200],"gap":[201],"at":[202],"intersection":[204],"compliance,":[209],"practical":[211],"deployment.":[212]},"counts_by_year":[],"updated_date":"2026-04-02T13:53:19.096889","created_date":"2026-04-02T00:00:00"}