In adversarial contexts, success often hinges on understanding not just what the opponent knows, but what they believe and how they revise those beliefs. This study investigates how large language models can be made more resilient and strategically capable by modeling the opponent’s reasoning using Bayesian belief revision. By formalizing negotiations as Bayesian games of incomplete information, it is shown that models equipped with belief revision are better able to counter deceptive or willful-thinking adversaries. The findings underscore the role of second-order reasoning in adversarial settings, with implications for social manipulation in the context of, for example, online communication and intelligence gathering.

This paper investigates how large language models can be steered to act more strategically in text-based negotiation settings. Two prompt-based action space designs are compared, namely emotional tone prompts and explicit offer prompts, within a negotiation environment, and outcomes are compared in simulated dialogues. The results show that both approaches improve strategic outcomes compared to a baseline, with tone-based actions yielding higher agreement rates and offer-based actions providing more stable tradeoffs. These findings demonstrate how action space design influences agent behavior, providing insights for deployment of large language models in strategic negotiation scenarios to gain an advantage in, for example, online influence operations.

We consider the problem of how to move active sonars unpredictably in pursuit of a stealthy underwater vehicle. The search problem is formalized as an imperfect-information game played on a discretized nautical chart with fine-grained hydroacoustics. The game is solved approximately using public belief states and self-play following a game-theoretically sound approach. The solution method is shown empirically to approximate the Nash equilibrium in a restricted scenario small enough to be solvable with tabular methods from algorithmic game theory.

The digitalization of our societies makes them increasingly vulnerable to emerging cyberthreats. These cyberthreats can manifest themselves in the form of organized, sophisticated, and persistent threat actors, as well as nonadversarial mistakes. Staff involved in responding to cyberthreats and handling incidents in organizations need cyber situation awareness. This paper presents a case study on what challenges members of staff involved in cybersecurity in a large, complex organization experience when developing cyber situation awareness while handling a remote code execution vulnerability in the form of Log4Shell. Two types of qualitative empirical material were used for the case study, data collected through semi-structured interviews with ten informants, and internal documentation. The empirical material was analyzed to create a timeline of events in the organization. The results show how information about the threat spread throughout the organization, the types of artifacts that served as common operational pictures, and the role played by information sharing in maintaining staff cyber situation awareness. Three major challenges to the organization were found: (i) information sharing among staff was not effortless, (ii) there was no organization-wide common operational picture established, and (iii) inaccurate information was shared. This study adds a real-world contribution to the literature on organizational handling of cyberthreats.

In the realm of cybersecurity, leveraging machine learning holds promise for advancing threat detection capabilities. Yet, the sheer volume of unlabeled data presents a challenging hurdle to efficient data management. This chapter delves into the efficacy of active learning methodologies in alleviating the burden of manual data labeling. By employing various query strategies, the study identifies the most informative unlabeled data points suitable for labeling. Examining the performance across different query strategies involved testing a transformer model's ability in discerning tweets referencing advanced persistent threats. In scenarios where labeled training data is scarce, the results suggest that the K-means diversity-based query strategy outperforms both the uncertainty-based approach and the random data point selection. Furthermore, the study investigated the cost-effective active learning paradigm, which integrates high-confidence data points into the training dataset. Surprisingly, this approach emerged as the least effective strategy. In summary, the findings not only explain the potential of active learning in cybersecurity, but also underscore the importance of strategic data selection in optimizing model performance. 

Large language models are often equipped with safety alignment mechanisms designed to prevent generation of harmful or other unwanted content. However, an increasing number of jailbreaking techniques attempt to circumvent these safeguards, raising significant safety concerns. This paper introduces an open-source evaluation framework that analyzes jailbreaking effectiveness in several dimensions: refusal bypass rate, harmful response quality, impact on general model capabilities, and computational cost. In the study, prompt injection, sampling exploits, and model manipulation techniques are examined across four open-weight instruction-tuned large language models. The results demonstrate that high refusal bypass does not necessarily equate to practical safety compromise. Specifically, model manipulation methods like single refusal direction ablation achieve a high attack success rate, but often degrade general capabilities and require significant computational resources. Meanwhile, sampling-based exploits show a minimal practical threat when assessed with a robust model classifier. The findings emphasize the importance of comprehensive, multi-dimensional evaluation to accurately characterize jailbreaking effectiveness and safety risks in large language models.

The combination of reinforcement learning and look-ahead search introduced in AlphaGo, has revolutionized our understanding of tactics and strategy in classical strategy games such as Go and chess. Until recently, this pioneering approach has been limited to perfect information games, where players have full information about the current state of the game. This paper investigates the recent generalization of reinforcement learning with search to imperfect information games, such as poker, where parts of the game state, e.g., the opponent’s hand, is hidden from the player. The paper explores how well this approach scales as the amount of hidden information increases. To this end, the current state of the art in reinforcement learning with search, the student of games general learning algorithm, is reproduced and evaluated across three variants of a custom poker game, each differing by the number of hidden cards dealt to players. It is found that games with less hidden information are learned more effectively, and that computational demands scale sublinearly with increasing hidden information.

In recent years, the Swedish public sector has undergone rapid digitalization, while cybersecurity efforts have not kept even steps. This study investigates conditions for cybersecurity work at Swedish administrative authorities by examining organizational conditions at the authorities, what cybersecurity staff do to acquire the cyber situation awareness required for their role, as well as what experience cybersecurity staff have with incidents. In this study, 17 semi-structured interviews were held with respondents from Swedish administrative authorities. The results showed the diverse conditions for cybersecurity work that exist at the authorities and that a variety of roles are involved in that work. It was found that national-level support for cybersecurity was perceived as somewhat lacking. There were also challenges in getting access to information elements required for sufficient cyber situation awareness.

In the domain of cybersecurity, machine learning can offer advanced threat detection. However, the volume of unlabeled data poses challenges for efficient data management. This study investigates the potential for active learning to reduce the effort required for manual data labeling. Through different query strategies, the most informative unlabeled data points were selected for labeling. The performance of different query strategies was assessed by testing a transformer model's ability to accurately distinguish tweets mentioning names of advanced persistent threats. The findings suggest that the K-means diversity-based query strategy outperformed both the uncertainty-based approach and the random data point selection, when the amount of labeled training data was limited. This study also evaluated the cost-effective active learning approach, which incorporates high-confidence data points into the training dataset. However, this was shown to be the least effective strategy.

Recent experimental studies have explored how well adaptive honeypot allocation strategies defend against human adversaries. As the experimental subjects were drawn from an unknown, nondescript pool of subjects using Amazon Mechanical Turk, the relevance to defense against real-world adversaries is unclear. The present study reproduces the experiments with more relevant experimental subjects. The results suggest that the strategies considered are less effective against attackers from the current population. In particular, their ability to predict the next attack decreased steadily over time, that is, the human subjects from this population learned to attack less and less predictably.