A new technical paper, “Cascade: Composing Software-Hardware Attack Gadgets for Adversarial Threat Amplification in Compound AI Systems,” was published by the University of Texas, Austin, Intel Labs, Symmetry Systems, Microsoft and Georgia Tech.
Abstract
“Rapid progress in generative AI has given rise to Compound AI systems – pipelines composed of multiple large language models (LLMs), software tools and database systems. Compound AI systems are constructed on a layered traditional software stack running on a distributed hardware infrastructure. Many of the diverse software components are vulnerable to traditional security flaws documented in the Common Vulnerabilities and Exposures (CVE) database, while the underlying distributed hardware infrastructure remains exposed to timing attacks, bit-flip faults, and power-based side channels. Today, research targets LLM-specific risks like model extraction, training data leakage, and unsafe generation — overlooking the impact of traditional system vulnerabilities.
This work investigates how traditional software and hardware vulnerabilities can complement LLM-specific algorithmic attacks to compromise the integrity of a compound AI pipeline. We demonstrate two novel attacks that combine system-level vulnerabilities with algorithmic weaknesses: (1) Exploiting a software code injection flaw along with a guardrail Rowhammer attack to inject an unaltered jailbreak prompt into an LLM, resulting in an AI safety violation, and (2) Manipulating a knowledge database to redirect an LLM agent to transmit sensitive user data to a malicious application, thus breaching confidentiality. These attacks highlight the need to address traditional vulnerabilities; we systematize the attack primitives and analyze their composition by grouping vulnerabilities by their objective and mapping them to distinct stages of an attack lifecycle. This approach enables a rigorous red-teaming exercise and lays the groundwork for future defense strategies.”
The technical paper is available as a preprint on arXiv (arXiv:2603.12023). Published March 2026.
Banerjee, Sarbartha, Prateek Sahu, Anjo Vahldiek-Oberwagner, Jose Sanchez Vicarte, and Mohit Tiwari. “Cascade: Composing Software-Hardware Attack Gadgets for Adversarial Threat Amplification in Compound AI Systems.” arXiv preprint arXiv:2603.12023 (2026).
