Proving termination or non-termination of lasso programs is a challenging problem in program verification. To unify state-of-the-art approaches under a common execution framework, we present PaSTTeL, a modular and generic parallel portfolio framework for termination and non-termination analysis of lasso programs. PaSTTeL is designed to: (1) facilitate the integration of new analysis algorithms into the portfolio, (2) execute registered strategies concurrently, and (3) act as a self-contained library component that can be seamlessly embedded into any external project requiring (non-)termination analysis. Initial experiments demonstrate that an instantiation of PaSTTeL performs competitively against state-of-the-art tools.

Conflict-free Replicated Data Types (CRDTs) ensure Strong Eventual Consistency without coordination, but typically assume benign participants and rely on validation or exclusion to handle Byzantine behavior. We address this problem through deterministic state reconstruction: rather than deciding which updates are admissible, all accepted updates are incorporated, while only a subset contributes to the reconstructed state. We instantiate this approach in Melda, a non-intrusive delta-state CRDT for JSON documents, and show that its reconstruction model guarantees convergence even under arbitrary update injection: adversarial updates are either structurally rejected or treated as inputs to the reconstruction process. We formalize this model and prove that replicas deriving state from the same set of updates cannot diverge despite equivocation, omission, or message reordering. We further show that authentication, authorization, and confidentiality can be layered without affecting convergence. Overall, this approach suggests that Byzantine tolerance can be achieved by decoupling update propagation from state derivation, allowing agreement on updates to be handled independently by external dissemination or consensus mechanisms.

We investigate a population of self-interested agents playing a repeated Prisoner's Dilemma under the trigger-restart mechanism. Under such a mechanism, agents play a sequence of symmetric games with their partner, and restart the interaction if their actions disagree. Our work focuses on the convergence of replicator dynamics in a well-mixed population of agents, where the emergence of cooperation is challenged by the individual incentive for exploitation. Formulating the corresponding parametrised normal-form game, with agents each adopting a length-m strategy sequence, we show that increasing the strategy length enables cooperation to emerge and stabilise. We provide exact convergence guarantees for restricted strategy lengths and, in the general payoff configuration, provide the necessary parametric conditions for the stability of cooperative strategies. By deriving an exact formula for the number of stable sequences, we find structural properties necessary for stability, as agents must learn to initially defect - the so-called "hazing period" - before cooperating indefinitely. Our analysis shows that, while optimal cooperative sequences exist, agents favour less-optimal sequences with a longer hazing period, which possess larger basins of attraction.

Cluster-scale full-stack simulation is essential for evaluating distributed software stacks and emerging hardware components before deployment. Such simulation must achieve both full-stack fidelity for the unmodified production stack and the simulation performance required for iterative configuration exploration. However, no existing method achieves both. We present LiveStack, an OS-level approach to cluster-scale full-stack simulation built on top of the Linux virtualization stack. LiveStack comprises four subsystems: simulation-oriented scheduling, live memory hierarchy management, simulation-aware IPC, and distributed simulation orchestration. Together, they coordinate live and modeled components under shared simulated time while controlling interference among co-located live hosts. These mechanisms point toward simulation-native OS support, where simulation control and orchestration become core OS responsibilities.

Urban territories face growing tensions between increasing digital demand, limited resources, and socially constrained built environments. Although distributed computing paradigms such as edge and fog computing are widely presented as solutions for reducing latency and energy dissipation, the scientific literature largely overlooks where such infrastructures can be physically and socially deployed within cities, and typically neglects urban constraints, environmental impacts, and equity considerations. This paper proposes a methodology for identifying suitable urban locations for deploying distributed servers under structural, environmental, and social limits. Relying exclusively on existing infrastructures and anthropised surfaces, it combines legal frameworks, ongoing urban projects, citizen consultations, and scientific literature to construct a place-based glossary of viable site typologies, evaluated through energy, spatial, and qualitative criteria. Applied to the French city of Montpellier, our results illustrate how urban constraints and local resources shape the feasibility of decentralised, solar-powered digital infrastructures, and highlight the value of territorialised approaches for rethinking digital services within urban limits.

We introduce epistemic pairwise maximin share (EPMMS), a new fairness notion for fair division of indivisible goods. Two fundamental notions in this setting are envy-freeness up to any item (EFX) and pairwise maximin share (PMMS), with PMMS being stronger than EFX. While EFX has been extensively studied, far less is known about PMMS. Recent work shows that relaxing EFX via an epistemic perspective leads to substantial progress on the EFX problem, raising the question of whether a similar approach can advance our understanding of PMMS. Motivated by this, we initiate the study of EPMMS, the epistemic relaxation of PMMS. EPMMS is more challenging than EEFX: the key approaches underlying recent progress on epistemic EFX inherently fail to extend to EPMMS. We establish the following results. (1) For additive valuations, $4/5$-EPMMS allocations exist and can be efficiently computed. (2) For bivalued valuations, EPMMS allocations exist and can be efficiently computed; in fact, we obtain the stronger guarantee of epistemic groupwise maximin share (EGMMS), which also strengthens the existence of MMS allocations for this setting. (3) We prove that EPMMS allocations exist in two settings where MMS allocations need not exist: instances with three additive agents or two types of additive agents.

Genomic archives grow faster than decompression keeps up: the European Nucleotide Archive holds tens of petabytes of fastq.gz, and gzip is fundamentally sequential. GPU decompressors (nvCOMP DEFLATE at ~50GB/s on A100) decode whole files with no random access; CPU genomic tools (CRAM, samtools) support region seeks but only at CPU speed. We extend ACEAPEX, an absolute-offset parallel LZ77 codec included in the official lzbench 2.3 release, with three contributions absent from our prior work. First, a full device-resident GPU decode pipeline (entropy and match resolution both on-device) reaching up to 260GB/s on FASTQ, closing the match-phase-only gap of the earlier paper. Second, position-invariant random access with a compact coordinate index: an arbitrary read decodes in 0.362ms, ~6x faster than warm samtools faidx, with a read-to-block index 6.3x smaller than a .fai. Third, a range-decode strategy that decouples output size from VRAM, sustaining 165.7GB/s on a 50GB genome where whole-file decode runs out of memory. All results are bit-perfect. We also measure Meta's open DietGPU ANS on H100 at 592GB/s decode, faster than the proprietary entropy stage we currently use, showing a fully open high-throughput stack is viable. Code is MIT-licensed.

For strings $u, D \in Σ^*$, a subsequence embedding of $u$ in $D$ is a function $e \colon \{1, 2, \ldots, |u|\} \to \{1, 2, \ldots, |D|\}$ with $e(i) < e(i+1)$ for every $i \in \{1, 2, \ldots, |u|-1\}$ and the $i$-th symbol of $u$ equals the $e(i)$-th symbol of $D$. A gap-constraint for $u$ is a triple $(i, j, L)$ with $1 \leq i < j \leq |u|$ and $L$ is a regular language over $Σ$. An embedding $e$ satisfies a gap-constraint $(i, j, L)$ if the factor of $D$ strictly between positions $e(i)$ and $e(j)$ is a word from $L$. We investigate the subsequence matching problem with gap-constraints, which is relevant in the context of complex event recognition (CER): given $u, D \in Σ^*$ and a set $C$ of gap-constraints, find an embedding of $u$ in $D$ that satisfies all gap-constraints from $C$. In general, subsequence matching is NP-complete and the only known tractable variants restrict the interval structure of the gap-constraints. In this work, we show that we can solve subsequence matching with gap-constraints with an arbitrary interval structure rather efficiently (in fact, optimally under SETH) in time $O(|D| (|u| + |C|))$ if the gap-constraint languages satisfy a property which we dub left-convexity: whenever $u v w \in L$ and $v \in L$, then also $uv \in L$. Left-convex languages are sufficiently expressive to model interesting real-world scenarios considered in CER, e.g., length constraints $L = \{w \mid a \leq |w| \leq b\}$ for $a, b \in \mathbb{N}$. We also show how our algorithm can be used in order to efficiently enumerate all satisfying embeddings, which is particularly relevant for possible applications in CER. Finally, we show how non-left-convex languages can lead to intractability, i.e., if in addition to length constraints we allow $\{aa, ε\}$ as the only non-left-convex constraint language, then the problem is NP-complete again.

When a single software artifact changes - a requirement, a configuration value, or a function - engineers must determine what else is impacted. Existing change-impact-analysis (CIA) tooling tends to rely on one of two signals in isolation: semantic similarity recovered from text (information-retrieval traceability, code search, embeddings), or structural dependency following (call graphs, IDE "find usages", test-impact selection). Each has a characteristic blind spot. A semantically driven tool misses an impacted artifact whose text shares no vocabulary with the change; a structurally driven tool misses artifacts related in meaning but not joined by an edge, and most operate only over code rather than the Requirement-Config-Service-Test chain. We argue for a training-free and interpretable analyzer that fuses both signals over the same embeddings. We model the system as a heterogeneous artifact graph with typed edges recovered by static analysis, compute a semantic prior by cosine similarity to the changed artifact, propagate impact multi-hop with decay over a row-normalized propagation matrix, and blend the two with a single tunable weight lambda. A small but complete proof-of-concept on a payment subsystem (5 labelled change scenarios) shows the mechanism we care about: artifacts with zero textual overlap with the change are still recovered through propagation, and helper functions that propagation alone cannot reach are recovered through the semantic layer. The fusion is the only configuration that covers both blind spots, and lambda acts as an explicit precision/recall control. Drawing on four publicly documented production failures, we argue that the same formulation extends to operational artifacts (images, metrics, dashboards, data schemas) that code-only analysis cannot reach.

The rapid growth of large language model (LLM) inference is creating significant data-center loads that face increasing energy-management challenges under tightening grid conditions and demand response (DR) requirements. Conventional data-center energy management mainly relies on temporal and spatial workload shifting and campus-level energy asset scheduling, but it usually treats LLM inference demand as an aggregate load. As a result, these approaches fail to exploit the internal characteristics of LLM serving and therefore overlook the flexibility offered by LLM-specific techniques such as model quantization. To unlock this flexibility, this paper proposes a quantization-enabled energy management framework for grid-responsive LLM inference data centers. First, a quantization-to-power model is established to map each model--quantization configuration to a compact set of dispatchable parameters. Second, a two-stage quantization-enabled DR model is developed to account for model instance switching, request routing, and precision selection. Third, a multi-campus co-optimization method is introduced for DR participation by integrating grid-side electricity and carbon signals with the quantization-enabled DR model. Case studies show that the proposed framework reduces total data-center operating cost by 34.3\% without curtailing served token volume, validating model quantization as an effective flexibility lever for grid-responsive LLM data-center energy management.

This letter proposes a learn-to-optimize (LTO) architecture for distributed optimal power flow (D-OPF) as the nexus between data-driven and model-based methods. By unfolding alternating direction method of multipliers (ADMM) into a deep neural network (NN) and embedding differentiable optimization layers, our architecture realizes near-instantaneous interpretable distributed decision-making. For mainstream relaxed formulations of D-OPF, the decisions from our architecture achieve comparable optimality with that of state-of-the-art solvers and excelled feasibility compared with existing data-driven approaches. Comparative case studies underpin the effectiveness of our architecture regarding the optimality and feasibility.

Recommender systems have a wide area of application, e.g. in fields like video streaming, social media, or digital marketplaces. But, for a recommender-system, finding the right algorithm with the right hyperparameters is a reoccurring challenge. There is no one-fits-all solution, since the performance of one algorithm can vary immensely on different data sets. Due to the challenges of finding the right algorithm and the broad use of recommender-systems, it is of interest to create an Automated Recommender System (AutoRecSys) that takes on the task of finding the right algorithm-hyperparameter-combination for a given data set. In this work, we present the enhancement of LensKit-Auto, a framework introduced by Vente et al., that solves exactly this task of finding a fitting algorithm-hyperparameter-combination. LensKit-Auto's biggest strength lies in its ease of use, where it operates as a black-box, into which the user can feed their data set and receive the information of which algorithm and hyperparameters work best on this data set. In this work, we bring LensKit-Auto up to date, so that it works with the new version of its underlying framework, LensKit. We also implement further functionalities, such as the Tree Parzen Estimator as an additional optimization method, the ability to reuse the found algorithm, updated documentation, and the ability to visualize the optimization process. We also adapt an existing meta-learning framework to generate a suitable meta-dataset for LensKit-Auto, which could enable the integration of meta-learning into LensKit-Auto in the future. The presented changes bring LensKit-Auto up to date and enhance its usability, so that even non-experts in the field can find the right algorithm for their use case.

How vulnerable are online social networks to adversaries who seek to amplify opinion polarization by manipulating opinions, and how difficult is it to mitigate such manipulation? Existing studies have examined this question using mathematical models of opinion dynamics. While these models offer valuable theoretical insights, they rely on simplified assumptions about interactions, message content, and opinion updates, limiting the adversarial strategies they can capture and the applicability of their findings to real-world settings. Large language model (LLM)-based simulations provide a richer alternative: agents can be assigned diverse personas, communicate through natural language, and respond to persuasive or adversarial content in a context-dependent way. This enables the study of manipulation strategies that are difficult to represent using classical mathematical models. To the best of our knowledge, this study provides the first systematic analysis of polarization amplification and mitigation in an LLM-based simulated social network framework. In our framework, LLM agents with diverse personas interact over a social network by exchanging natural language posts and updating their opinions accordingly. We show that even an adversary with a limited manipulation budget can considerably increase polarization. We then study two classes of defense mechanisms: reactive mitigations, which assign specific users to actively counter manipulation, and proactive interventions, which increase resistance through general mechanisms not tied to particular users. Our results show that although these mechanisms reduce the impact of adversarial attacks, they generally do not restore the network to its baseline polarization state. These findings suggest that neither approach fully overcomes the vulnerability of the network, highlighting the potential risk of such attacks.

Power system benchmarks usually evaluate numerical solvers, prediction models, or sequential controllers. These benchmarks are necessary, but they do not directly test whether a Large Language Model (LLM) agent can execute an engineering workflow: inspect a grid case, select tools, call simulators, screen contingencies, propose admissible mitigations, validate results, and produce an auditable evidence trail. This paper introduces PowerAgentBench-SS, a steady-state benchmark framework for evaluating tool-using agents in power system operation and planning studies. The benchmark exposes public case data, action constraints, a tool API, and a validation budget to an agent, while a hidden evaluator recomputes physical validity and scores the submitted report. We define the agent interface, tool contract, evidence log, and risk-sensitive metrics, including submitted recall, evidence-backed recall, found recall, false-safe penalties, severity regret, residual violation score, action cost, tool-use efficiency, and workflow diagnostics. To make the framework concrete, we instantiate the protocol in a reproducible DC thermal N-2 contingency-search pilot on deterministic IEEE 39-bus operating-point variants, with scripted baselines, an LLM JSON-command adapter, three locally hosted Ollama LLM agents, and one OpenAI API agent. The results show why solver-only or answer-only evaluation is insufficient: agents are distinguished not only by top-contingency discovery, but also by validation-budget use, explicit submission, type coercions, duplicate validations, evidence-backed reporting, and mitigation behavior.

Low-Rate Denial of Service (LDoS) attacks pose a significant challenge to IoT networks due to their subtle and prolonged nature, often evading traditional intrusion detection systems. This paper presents IDQS (Intrusion Detection via QoS Prediction), a lightweight and proactive framework for early LDoS attack detection. IDQS integrates two new key components: (i) RTP-QoS, a Recurrent Trend Predictive Neural Network that learns and forecasts future Quality of Service (QoS) based on historical traffic patterns, and (ii) PDM, a Pairwise Decision Model that evaluates discrepancies between predicted and actual QoS to identify potential attacks. Evaluated on the public SDN-SlowRate-DDoS and CIC-IDS2017 datasets, IDQS respectively achieves over 79% and 91% detection accuracy across most attack scenarios with high recall and low false negatives, while maintaining an end-to-end inference time of just 0.28 seconds. The results demonstrate the effectiveness and efficiency of IDQS for real-time deployment in resource-constrained IoT environments.

This study analyzes the feasibility of supporting critical V2X services using 5G network-based Vehicle-to-Network-to-Vehicle (V2N2V) communications. The study evaluates the end-to-end latency of 5G V2N2V communications under different network deployments in single and multi-operator scenarios. The study shows that critical V2X services can be supported using 5G V2N2V communications over MEC-based network deployments. However, this requires the use of local peering points and shared data centers or MEC federation to address challenges arising from asymmetric network deployments. This opens the possibility for V2N2V communications to complement direct Vehicle-to-Vehicle (V2V) connections for increased reliability or to offload traffic under sidelink network congestion.

Factories are undergoing a digital transformation towards cost-efficient, zero-defect manufacturing, creating the need for communication networks capable of meeting stringent latency and reliability requirements. 5G and beyond networks are being designed to support Ultra-Reliable Low-Latency Communications (URLLC). However, the use of dynamic scheduling for uplink transmissions introduces additional latency due to the signaling required to request and allocate radio resources. To reduce this latency, 5G NR defines Configured Grant (CG), which pre-allocates uplink resources and eliminates the need for per-packet scheduling requests. Accurate simulation tools implementing URLLC features are essential to evaluate the capability of 5G networks to support time-critical services and to investigate new solutions. Nevertheless, the availability of such tools is limited and, to the best of the authors' knowledge, no open-source 5G NR simulator currently supports CG. To address this gap, this paper presents the first implementation of CG in an open-source 5G NR simulator. Specifically, CG has been integrated into the ns-3 5G-LENA system-level simulator and made publicly available. In addition, the Orthogonal Frequency Division Multiple Access (OFDMA) implementation has been enhanced to better reflect the flexibility of 5G NR. The implementation is validated through Industry 4.0 scenarios, where the latency performance achieved with CG under different scheduling policies is analyzed. Results show that the latency obtained with 5G-LENA closely matches that reported in previous analytical studies. Furthermore, the study highlights the importance of efficient radio resource utilization to reduce latency and satisfy the requirements of critical industrial services.

5G is a fundamental technology for the full digitalization of smart manufacturing. The use of Asset Administration Shells (AAS) can facilitate the integration of 5G with Industry 4.0 systems and applications while minimizing the complexities associated with the 5G network management. This study presents the design and implementation of the first full 5G system AAS that is openly released to the community [1]. It includes a 5G UE (User Equipment) AAS and a 5G NW (network) AAS that have been designed following the 5G-ACIA guidelines as well as the Plattform Industrie 4.0 and 3GPP standards. The AASs have been defined to provide and expose the data and capabilities of 5G necessary to facilitate the integration of 5G with Industry 4.0 systems and applications.

We derive a one-dimensional model for heat transfer in a moving fluid incorporating Fourier conduction, an exponentially decaying memory term, and advection under thermally insulated boundary conditions. We numerically construct a bounded state feedback law driving the closed-loop solution to zero exponentially with decay rate at least $ω>0$ for every initial state, i.e., we solve the $ω$-stabilization problem. We explicitly describe the eigenvalues of the state operator $A$, a subset of which converges to a finite negative accumulation point that sets the upper bound on the achievable decay rate. Since $A$ lacks compact resolvent, we show that the spectrum is the closure of its eigenvalues, each of finite algebraic multiplicity, and use this to verify stabilizability. For $ω$ below the accumulation bound, the problem is solvable provided the control operator $B$ satisfies a non-orthogonality condition. To compute gains, we formulate an LQR problem and solve finite-dimensional approximations: for each $n$ we construct $A_n$, $B_n$ approximating $A$, $B$ and solve the associated algebraic Riccati equation for a gain $K_n$. We show that, for all sufficiently large $n$, $K_n$ can be chosen so every eigenvalue of $A_n+B_nK_n$ satisfies $\operatorname{Re}λ<-ω$, and we establish stabilizability of $(A_n+ωI,B_n)$ uniformly in $n$. Hence, for large $n$, these gains solve the $ω$-stabilization problem for the original system. We validate the results numerically with an example.

Current large language model (LLM) inference systems universally deploy ultra-large-scale models using a combination of Tensor Parallelism (TP) and Pipeline Parallelism (PP). However, existing systems treat the model parallelism topology as a static configuration that cannot be flexibly adjusted at runtime. This rigid design creates a fundamental contradiction with the dynamically changing inference workloads in real-world scenarios. State-of-the-art systems lack online reconfiguration capabilities and can only switch configurations by restarting the service, resulting in several minutes of service interruption, KV cache loss, and prohibitive recomputation overhead. To address this problem, this paper presents ReMP, a runtime model parallelism reconfiguration framework that supports low downtime. ReMP achieves dynamic adjustment through three key techniques: (1) decoupling the model parallelism topology from runtime state to avoid full service reconstruction; (2) designing a two-dimensional KV cache migration mechanism to preserve reusable cache states after TP/PP changes; and (3) implementing end-to-end online reconfiguration. Experiments demonstrate that ReMP can complete most topology switches within 1-7 seconds on models ranging from 7B to 70B parameters, achieving speedups of tens to over a hundred times compared to the restart approach. Moreover, ReMP significantly outperforms fixed configurations under dynamic workloads, delivering superior performance in terms of TTFT, TPOT, and output throughput.

Australia depends on an Internet built from multiple networks of long-haul links. We study the interactions of these independent provider networks to investigate how the peering between these networks provides redundancy for failures on a single network, as well as the potential vulnerabilities introduced by failures of Shared Risk Link Groups (SRLGs), whereby ostensibly independent links of different providers fail simultaneously due to joint physical dependencies such as shared conduits. We introduce a generalised multilayer network model in which each layer represents the network of an individual Internet Service Provider (ISP), along with an Internet Exchange Point (IXP) layer that facilitates interconnections between ISP networks. We construct an Australia-specific model, consisting of six major ISPs. A failure analysis is performed on this network, revealing that diversity provides redundancy, even in the presence of shared risks, indicating the importance of a diverse network ecosystem.

Distributed large language model (LLM) inference frameworks connect isolated consumer-grade devices for large-scale model inference, substantially reducing hardware constraints. However, recent studies show that intermediate embeddings transmitted among participants can leak private prompts. As LLMs evolve into multimodal LLMs (MLLMs), this risk extends beyond text: image prompts contain rich visual and semantic information, making their intermediate embeddings highly privacy-sensitive. Yet, image-prompt leakage in distributed MLLM inference remains largely unexplored. In this paper, we investigate privacy risks to input images caused by intermediate embeddings in distributed MLLM frameworks. We first analyze the information flow from image pixels to intermediate representations. Since image and text embeddings are often intertwined across MLLM layers, we design an image embedding extraction algorithm as a prerequisite for reconstruction attacks, achieving 100% extraction accuracy across almost all MLLM layers in our experiments. Building on this, we develop two passive black-box image reconstruction attacks, MPAA and IEDA, reflecting realistic threats from normal participants with limited knowledge and capability. MPAA performs fine-grained pixel-level reconstruction via patch-wise information extraction and assembly, while IEDA performs coarse-grained semantic reconstruction through embedding-guided diffusion generation. We evaluate our attacks on four representative MLLM families: Gemma 3, Phi 4 Multimodal, Qwen 2.5 VL, and Llama 4 Scout. Results show consistently superior reconstruction performance in various settings. We further analyze the effects of MoE architecture, image preprocessing, model size, and text-image dependency on attack performance. To our knowledge, this is the first study of image reconstruction attacks on MLLMs.

Cartesian tree matching (CTM) is a structural pattern matching approach that identifies sequences with the same Cartesian tree topology, making it suitable for data with natural variability where exact comparisons carry little semantic meaning. While theoretical algorithms for CTM have been studied extensively, systematic empirical evaluations of practical implementations remain rare. This article presents an implementation of the Cartesian Extended Burrows-Wheeler Transform (ceBWT), a BWT-based index structure for CTM. The implementation supports both a dynamically extendable and a statically compressed index variant.

Data-driven learning analytics can surface trends across a student cohort over time, helping instructors improve the learning environment. WordStream, a visualization idiom for topic evolution, has been instantiated in two platforms toward this goal: the Journal Data Dashboard, for analyzing formative assessments, and WordStream Maker, for authoring custom visualizations. Where the prior work built these platforms for education (Vis4Ed), here we examine the reverse direction (Ed4Vis): what can qualitative education research tell us about building better visualization tools? We conducted a mixed-methods expert study (n=10) in which STEM education researchers with expertise in qualitative methods and classroom assessment used both platforms to analyze student journal responses from a data visualization course. Across two cycles of thematic analysis with confirmatory checking, we report themes spanning tool experience, disciplinary context of use, and, most importantly, a core epistemological dissensus. Some instructor-researchers regarded frequency-based visualization as a productive entry point to qualitative analysis; others cautioned it can obscure rare but critical responses. We synthesize these findings into design implications for future tools that better integrate quantitative technique with qualitative inquiry. All Supplementary Materials are available at https://osf.io/z2f8d.

Large language model (LLM)-based applications rely on system prompts to encode core logic and developer-defined constraints, making these prompts important intellectual property. However, system prompts are vulnerable to prompt leaking attacks. Although prior work has shown such attacks in controlled settings, their prevalence, causes, and defenses in real-world deployments remain unclear. This paper presents a systematic study of prompt leaking in real-world LLM-based applications. We measure 1,200 applications across six major commercial platforms and find that over 80% of deployments leak system prompts under realistic adversarial queries, sometimes exposing sensitive information such as third-party API keys. We also show that existing defenses often fail to prevent leakage without degrading usability. To explain these failures, we conduct an attention-level mechanistic analysis and identify attention drift, where query-key alignment bias and softmax amplification cause LLMs to progressively ignore defensive constraints. Guided by this insight, we propose AREA, a practical defense that re-anchors the model's attention using an optimizable soft prompt. Experiments and real-world case studies show that AREA matches the leakage resistance of state-of-the-art defenses while improving average usability by over 33% and reducing optimization overhead by nearly 3x. Our responsible disclosure led two affected vendors to classify these leaks as medium-severity vulnerabilities.

AI web agents can perform complex, multi-step tasks such as searching for products, comparing options, and making purchases on behalf of users. However, verifying the correctness of an agent's output remains difficult. Existing transparency mechanisms, including full trajectory logs, source links, screenshots, and LLM-generated summaries, treat verification as a passive reading task, leaving users to sift through overwhelming logs or trust potentially unfaithful explanations. We present HANSEL (Highlighting Agent Navigation Steps as Evidence Links), a system that extracts interactive, verifiable evidence from web-agent trajectories. Given an agent trajectory, HANSEL extracts evidence pages and snippets and presents them as navigable, interactive views with relevant page state preserved (e.g., applied filters, search queries, and scroll positions), enabling users to verify how the agent arrived at its answer. When the agent's answer cannot be traced to any visited page, HANSEL explicitly flags this gap. A technical evaluation on 45 tasks from AssistantBench and Online-Mind2Web shows that HANSEL achieves 83.7% precision and 88.8% recall in identifying evidence pages, while reducing trajectory volume by 61.6%. In a controlled user study with 14 participants, HANSEL significantly reduced task completion time and perceived effort compared to a standard agent interface, while participants rated it significantly higher on usability, verification ease, and error identification. Our results demonstrate that reframing verification as an interactive activity, rather than passive consumption of agent explanations, leads to more efficient human oversight of AI agents.

We study the fair allocation of indivisible goods among agents, with a focus on limiting envy. A central fairness notion is envy-freeness up to any good (EFX), which requires that any envy toward another agent vanishes after the removal of any single good from the latter's bundle. The existence of EFX allocations is considered a major open problem in fair division. So far, it has only been established in limited settings. Christodoulou et al. [2023] proved the existence of EFX allocations for graphical valuations. In this setting, the agents correspond to the nodes of an underlying graph, and the goods correspond to the edges, and any good has positive value only for the endpoints of the corresponding edge. Their proof crucially relies on the restriction that the graph is simple, meaning that for any pair of agents, there is at most one good that has value to both. For multigraph valuations, where multiple goods may be valued by the same pair of agents, only partial results are known. Amanatidis et al. [2024] and Kaviani et al. [2025] obtained 2/3 and sqrt(2)/2 approximations of EFX, respectively; Kaviani et al. [2024] established existence under restricted additive valuations; and Afshinmehr et al. [2025a] proved existence under the assumption that the shortest cycle containing non-parallel edges has length at least 4. In this paper, we resolve this open problem by proving the existence of EFX allocations for multigraph instances under cancelable valuations, a strict superclass of additive valuation functions. Our proof is algorithmic and computes such allocations in polynomial time when the valuation functions are cancelable. This work contributes to the small number of EFX existence results that apply to an arbitrary number of agents.

A recent line of work motivated by cryptographic applications has studied the complexity of the Lattice Isomorphism Problem (LIP). In this work, we study LIP on self-dual lattices $\cal{L} \subset \mathbb{R}^n$, which appear naturally in many applications. Our main results are a $2^{n/2 + o(n)}$-time randomized algorithm for LIP and a $\mathsf{coNP}$ protocol for LIP on a broad class of self-dual lattices. These results extend recent work on ZLIP, the problem of deciding whether a lattice is isomorphic to $\mathbb{Z}^n$. In particular, the former result extends the $2^{n/2 + o(n)}$-time algorithms for ZLIP of Bennett, Ganju, Peetathawachai, and Stephens-Davidowitz (Eurocrypt, 2023) and of Ducas (Des. Codes Cryptogr., 2024). The latter result extends the $\mathrm{ZLIP} \in \mathsf{coNP}$ result of Hunkenschröder (Math. Prog. Series A, 2024). Our results leverage two key structural properties of self-dual lattices $\cal{L} \subset \mathbb{R}^n$: (1) every such lattice $\cal{L}$ is isomorphic to $\cal{L}_0 \oplus \mathbb{Z}^r$ for some self-dual lattice $\cal{L}_0$ with $λ_1(\cal{L}_0)^2 \geq 2$, and (2) every such lattice $\cal{L}$ has \emph{characteristic vectors}, i.e., there exist vectors $\mathbf{w} \in \cal{L}$ such that for every $\mathbf{v} \in \cal{L}$, $\langle\mathbf{v}, \mathbf{w}\rangle \equiv \langle\mathbf{v}, \mathbf{v}\rangle \pmod{2}$. Our results use a line of work by Elkies and Gaulter on lattices with long shortest characteristic vectors, and can be strengthened assuming a positive answer to a related question of Elkies (Math. Res. Lett., 1995). We also study Permutation Code Equivalence (PCE) on self-dual codes, and we observe that similar structural properties imply a polynomial-time algorithm for PCE on certain such codes. This gives a natural class of codes with large hull for which PCE is easy.

In enterprise environments, multiple Advanced Persistent Threat (APT) campaigns often unfold concurrently, producing audit logs in which attack techniques across actors (sources) are interleaved over time. This setting naturally gives rise to an Unknown-K Interleaved Sequence Demixing (UKISD) problem: recovering multiple latent campaigns from an interleaved technique sequence while jointly inferring their number and technique-level assignments. Existing approaches, ranging from statistical pattern mining to provenance-based analysis, typically assume single-campaign settings or rely on rigid heuristics, limiting their effectiveness under realistic conditions involving overlapping campaigns, shared techniques, and variable execution lengths. We present Topic-Guided Consistency Modeling (TGCM), a generative disentanglement framework to tackle the UKSID problem. TGCM leverages Consistency Models to learn a direct inverse mapping from interleaved multi-campaign observations to structured single-campaign sequences in a single inference step. To favor semantically coherent attack chains, TGCM incorporates a topic-guided prior derived from MITRE ATT\&CK narratives, providing high-level tactical constraints during decomposition. We evaluate TGCM on synthetic datasets, established mixed datasets, and incident traces from DARPA TC-E3 and TC-E5, comparing against 15 representative baselines spanning pattern mining, deep learning, and LLM-based methods. Results indicate improved separation robustness over baselines under heavy interleaving and technique sharing, and show that TGCM generalizes zero-shot to a naturally interleaved in-the-wild benchmark (DARPA TC-E5) without retraining.

Hybrid classical-quantum computing requires frequent data exchange between classical processors and quantum control hardware. However, existing superconducting quantum control systems are commonly connected through loosely coupled interfaces such as Ethernet, resulting in high communication latency and limited task throughput. To address this issue, we present HI-HCQC, an RFSoC-based hardware interface for tightly coupled hybrid classical-quantum computing. HI-HCQC integrates high-speed RF-DACs, RF-ADCs, programmable logic, embedded processors, clock synchronization circuits, and a PCIe Gen3 x8 interface, enabling direct microwave pulse synthesis, qubit readout, and high-throughput data transfer between host servers and quantum measurement-control units. Experimental results show that HI-HCQC supports six control channels and one multiplexed readout channel, achieves stable microwave generation and acquisition, and successfully performs qubit spectroscopy, Rabi oscillation, T1 measurement, single-shot readout, randomized benchmarking, and CZ-gate characterization. Compared with a conventional control system, HI-HCQC reduces end-to-end execution latency for representative quantum gate and circuit tasks and significantly improves task throughput. These results demonstrate that PCIe-coupled RFSoC control hardware provides a practical foundation for scalable and efficient hybrid classical-quantum computing systems.