This publication introduces a new evaluation framework for AI safety, moving beyond simple success rates to incorporate cost-aware metrics for both offensive and defensive security agents. The paper…
arXiv: Automated Template-free Synthesis of Instruction-Centric Leakage Contracts for Black-Box CPUs
AI_SAFETY. Sourced from arxiv_cscr, summarised by Matproof.
AI Analysis
What changed and what to do.
This paper, published on arXiv, introduces a novel method for automatically generating "leakage contracts" for black-box CPUs without relying on pre-defined templates. A leakage contract formally specifies what information a processor might inadvertently expose through side channels, such as timing or power consumption. The key change is that this approach can analyze any CPU model, including proprietary or undocumented ones, by observing its behavior and inferring potential data leaks, rather than requiring manual analysis or vendor-provided specifications.
The primary affected organizations are those developing or deploying AI systems, particularly in sectors like finance, healthcare, and critical infrastructure where data confidentiality is paramount. Hardware vendors, cloud service providers, and any entity using third-party CPUs for sensitive workloads should also take note. This technique could reveal previously unknown vulnerabilities in processors, impacting compliance with regulations like the EU AI Act, which mandates robust security and transparency for high-risk AI systems.
Compliance teams should first assess whether their organization relies on CPUs that are not fully documented or are from less transparent vendors. Next, they should engage with hardware security teams to evaluate if this automated analysis could be applied to their current processors, especially for high-risk AI applications. Finally, they should monitor for any resulting vulnerability disclosures and update their risk assessments and supply chain due diligence processes accordingly, ensuring that any identified leakage contracts are addressed in their security and compliance documentation.
This summary is AI-generated for orientation purposes. For regulatory action, always consult the original source linked above.
More AI_SAFETY updates
Latest in AI_SAFETY.
This paper, published on arXiv, introduces a novel methodology for assessing AI safety that goes beyond traditional text-based content filtering. The authors propose a "hidden-state risk space"…
This paper, published on arXiv on July 16, 2026, details a novel cybersecurity vulnerability targeting AI coding agents. The research demonstrates that malicious actors can embed hidden instructions…
This publication introduces DataShield, a novel technical framework designed to detect risky or non-compliant data used in the fine-tuning of large language models. The method works by identifying…
Map this to your controls
Connect regulatory changes to your compliance work.
Matproof maps every regulator update directly to your controls and surfaces the ones that affect your organisation — across 21 frameworks.