SEE MATPROOF ON YOUR STACK — BOOK A 30-MINUTE DEMO
AI_SAFETYarxiv_cscr16 Jul 2026

arXiv: Automated Template-free Synthesis of Instruction-Centric Leakage Contracts for Black-Box CPUs

AI_SAFETY. Sourced from arxiv_cscr, summarised by Matproof.

AI Analysis

What changed and what to do.

This paper, published on arXiv, introduces a novel method for automatically generating "leakage contracts" for black-box CPUs without relying on pre-defined templates. A leakage contract formally specifies what information a processor might inadvertently expose through side channels, such as timing or power consumption. The key change is that this approach can analyze any CPU model, including proprietary or undocumented ones, by observing its behavior and inferring potential data leaks, rather than requiring manual analysis or vendor-provided specifications.

The primary affected organizations are those developing or deploying AI systems, particularly in sectors like finance, healthcare, and critical infrastructure where data confidentiality is paramount. Hardware vendors, cloud service providers, and any entity using third-party CPUs for sensitive workloads should also take note. This technique could reveal previously unknown vulnerabilities in processors, impacting compliance with regulations like the EU AI Act, which mandates robust security and transparency for high-risk AI systems.

Compliance teams should first assess whether their organization relies on CPUs that are not fully documented or are from less transparent vendors. Next, they should engage with hardware security teams to evaluate if this automated analysis could be applied to their current processors, especially for high-risk AI applications. Finally, they should monitor for any resulting vulnerability disclosures and update their risk assessments and supply chain due diligence processes accordingly, ensuring that any identified leakage contracts are addressed in their security and compliance documentation.

This summary is AI-generated for orientation purposes. For regulatory action, always consult the original source linked above.

More AI_SAFETY updates

Latest in AI_SAFETY.

Live regulatory monitoring

Never miss a compliance update.

Get weekly digests of DORA, NIS2, GDPR, MaRisk, and ISO 27001 changes — straight to your inbox. Free.

No spam. Weekly digest only. Unsubscribe anytime.

DORANIS2GDPRMaRiskISO 27001

Map this to your controls

Connect regulatory changes to your compliance work.

Matproof maps every regulator update directly to your controls and surfaces the ones that affect your organisation — across 21 frameworks.