Securing educational LLMs: A generalised taxonomy of attacks on LLMs and DREAD risk assessment

Farzana Zahid, Anjalika Sewwandi, Lee Brandon, Vimal Kumar, Roopak Sinha

High-Confidence Computing ›› 2026, Vol. 6 ›› Issue (1) : 100371

Review Articles

Abstract

Due to perceptions of efficiency and significant productivity gains, various organisations, including in education, are adopting Large Language Models (LLMs) into their workflows. Educator-facing, learner-facing, and institution-facing LLMs, collectively, Educational Large Language Models (eLLMs), complement and enhance the effectiveness of teaching, learning, and academic operations. However, their integration into an educational setting raises significant cybersecurity concerns. A comprehensive landscape of contemporary attacks on LLMs and their impact on the educational environment is missing. This study presents a generalised taxonomy of fifty attacks on LLMs, which are categorised as attacks targeting either models or their infrastructure. The severity of these attacks is evaluated in the educational sector using the DREAD risk assessment framework. Our risk assessment indicates that token smuggling, adversarial prompts, direct injection, and multi-step jailbreak are critical attacks on eLLMs. The proposed taxonomy, its application in the educational environment, and our risk assessment will help academic and industrial practitioners to build resilient solutions that protect learners and institutions.

Keywords

Cyber attacks / Large language models (LLMs) / Risk assessment / DREAD / Education

Cite this article

Farzana Zahid, Anjalika Sewwandi, Lee Brandon, Vimal Kumar, Roopak Sinha. Securing educational LLMs: A generalised taxonomy of attacks on LLMs and DREAD risk assessment. High-Confidence Computing, 2026, 6(1): 100371 DOI:10.1016/j.hcc.2025.100371


CRediT authorship contribution statement

Farzana Zahid: Writing - review & editing, Writing - original draft, Visualization, Validation, Project administration, Methodology, Investigation, Formal analysis, Data curation, Conceptualization. Anjalika Sewwandi: Writing - original draft. Lee Brandon: Writing - original draft. Vimal Kumar: Writing - review & editing, Conceptualisation. Roopak Sinha: Writing - review & editing.

Declaration of competing interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

