Guardado en:
Detalles Bibliográficos
Autores principales: Yu, Tianlong, Yang, Yang, Luo, Xiao, Liu, Lihong, Xing, Fudu, Tao, Zui, Wang, Kailong, Liu, Gaoyang, Bi, Ting
Formato: Preprint
Publicado: 2026
Materias:
Acceso en línea:https://arxiv.org/abs/2604.23141
Etiquetas: Agregar Etiqueta
Sin Etiquetas, Sea el primero en etiquetar este registro!
_version_ 1866914507496882176
author Yu, Tianlong
Yang, Yang
Luo, Xiao
Liu, Lihong
Xing, Fudu
Tao, Zui
Wang, Kailong
Liu, Gaoyang
Bi, Ting
author_facet Yu, Tianlong
Yang, Yang
Luo, Xiao
Liu, Lihong
Xing, Fudu
Tao, Zui
Wang, Kailong
Liu, Gaoyang
Bi, Ting
contents Emerging AR-LLM-based Social Engineering attack (e.g., SEAR) is at the edge of posing great threats to real-world social life. In such AR-LLM-SE attack, the attacker can leverage AR (Augmented Reality) glass to capture the image and vocal information of the target, using the LLM to identify the target and generate the social profile, using the LLM agents to apply social engineering strategies for conversation suggestion to win the target trust and perform phishing afterwards. Current defensive approaches, such as role-based access control or data flow tracking, are not directly applicable to the convergent AR-LLM ecosystem (considering embedded AR device and opaque LLM inference), leaving an emerging and potent social engineering threat that existing privacy paradigms are ill-equipped to address. This necessitates a shift beyond solely human-centric measures like legislation and user education toward enforceable vendor policies and platform-level restrictions. Realizing this vision, however, faces significant technical challenges: securing resource-constrained AR-embedded devices, implementing fine-grained access control within opaque LLM inferences, and governing adaptive interactive agents. To address these challenges, we present UNSEEN, a coordinated cross-stack defense that combines an AR ACL (Access Control Layer) for identity-gated sensing, F-RMU-based LLM unlearning for sensitive profile suppression, and runtime agent guardrails for adaptive interaction control. We evaluate UNSEEN in an IRB-approved user study with 60 participants and a dataset of 360 annotated conversations across realistic social scenarios.
format Preprint
id arxiv_https___arxiv_org_abs_2604_23141
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle UNSEEN: A Cross-Stack LLM Unlearning Defense against AR-LLM Social Engineering Attacks
Yu, Tianlong
Yang, Yang
Luo, Xiao
Liu, Lihong
Xing, Fudu
Tao, Zui
Wang, Kailong
Liu, Gaoyang
Bi, Ting
Cryptography and Security
Artificial Intelligence
Emerging AR-LLM-based Social Engineering attack (e.g., SEAR) is at the edge of posing great threats to real-world social life. In such AR-LLM-SE attack, the attacker can leverage AR (Augmented Reality) glass to capture the image and vocal information of the target, using the LLM to identify the target and generate the social profile, using the LLM agents to apply social engineering strategies for conversation suggestion to win the target trust and perform phishing afterwards. Current defensive approaches, such as role-based access control or data flow tracking, are not directly applicable to the convergent AR-LLM ecosystem (considering embedded AR device and opaque LLM inference), leaving an emerging and potent social engineering threat that existing privacy paradigms are ill-equipped to address. This necessitates a shift beyond solely human-centric measures like legislation and user education toward enforceable vendor policies and platform-level restrictions. Realizing this vision, however, faces significant technical challenges: securing resource-constrained AR-embedded devices, implementing fine-grained access control within opaque LLM inferences, and governing adaptive interactive agents. To address these challenges, we present UNSEEN, a coordinated cross-stack defense that combines an AR ACL (Access Control Layer) for identity-gated sensing, F-RMU-based LLM unlearning for sensitive profile suppression, and runtime agent guardrails for adaptive interaction control. We evaluate UNSEEN in an IRB-approved user study with 60 participants and a dataset of 360 annotated conversations across realistic social scenarios.
title UNSEEN: A Cross-Stack LLM Unlearning Defense against AR-LLM Social Engineering Attacks
topic Cryptography and Security
Artificial Intelligence
url https://arxiv.org/abs/2604.23141