{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,11]],"date-time":"2026-02-11T21:19:31Z","timestamp":1770844771893,"version":"3.50.1"},"reference-count":100,"publisher":"IEEE","license":[{"start":{"date-parts":[[2025,11,19]],"date-time":"2025-11-19T00:00:00Z","timestamp":1763510400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,11,19]],"date-time":"2025-11-19T00:00:00Z","timestamp":1763510400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,11,19]]},"DOI":"10.1109\/aiware69974.2025.00024","type":"proceedings-article","created":{"date-parts":[[2026,1,19]],"date-time":"2026-01-19T20:53:03Z","timestamp":1768855983000},"page":"149-159","source":"Crossref","is-referenced-by-count":0,"title":["Security in the Wild: An Empirical Analysis of LLM-Powered Applications and Local Inference Frameworks"],"prefix":"10.1109","author":[{"given":"Julia","family":"Gomez-Rangel","sequence":"first","affiliation":[{"name":"Texas A&M University-Corpus Christi,Department of Computer Science,Corpus Christi,USA"}]},{"given":"Young","family":"Lee","sequence":"additional","affiliation":[{"name":"Texas A&M University-San Antonio,Engineering and Mathematical Sciences,Department of Computational,San Antonio,USA"}]},{"given":"Bozhen","family":"Liu","sequence":"additional","affiliation":[{"name":"Texas A&M University-Corpus Christi,Department of Computer Science,Corpus Christi,USA"}]}],"member":"263","reference":[{"key":"ref1","volume-title":"Here are 18,369 public repositories matching this topic llm github.com","year":"2025"},{"key":"ref2","article-title":"Significant-Gravitas\/AutoGPT: AutoGPT is the vision of accessible AI for everyone, to use and to build 
on","volume-title":"Our mission is to provide the tools, so that you can focus on what matters. - github.com","year":"2025"},{"key":"ref3","volume-title":"reworkd\/AgentGPT: Assemble, configure, and deploy autonomous AI Agents in your browser. - github.com","year":"2025"},{"key":"ref4","volume-title":"Microsoft Copilot: Your everyday AI companion - copilot.microsoft.com","year":"2024"},{"key":"ref5","volume-title":"mckaywrigley\/chatbot-ui: AI chat for any model. - github.com","year":"2025"},{"key":"ref6","article-title":"lm-sys\/FastChat: An open platform for training, serving, and evaluating large language models","volume-title":"Release repo for Vicuna and Chatbot Arena. - github.com","year":"2025"},{"key":"ref7","volume-title":"GitHub Copilot: Your AI pair programmer - github.com","year":"2025"},{"key":"ref8","volume-title":"Cursor - the ai code editor","year":"2025"},{"key":"ref9","article-title":"Llms as research tools: A large scale survey of researchers\u2019 usage and perceptions","author":"Liao","year":"2024","journal-title":"arXiv preprint"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/3652154"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1145\/3724420"},{"issue":"7","key":"ref12","doi-asserted-by":"crossref","DOI":"10.3390\/ai6070159","article-title":"Local ai governance: Addressing model safety and policy challenges posed by decentralized ai","volume":"6","author":"Sokhansanj","year":"2025","journal-title":"AI"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1145\/3712001"},{"key":"ref14","article-title":"From prompt injections to protocol exploits: Threats in llm-powered ai agents workflows","author":"Ferrag","year":"2025","journal-title":"arXiv preprint"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/3708529"},{"key":"ref16","article-title":"Prompt injection attacks and defenses in llm-integrated applications","year":"2023","journal-title":"arXiv 
preprint"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/3661167.3661221"},{"key":"ref18","article-title":"you still have to study\u201d-on the security of llm generated code","author":"Goetz","year":"2024","journal-title":"arXiv preprint"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/3658644.3690338"},{"key":"ref20","volume-title":"From prompt injections to sql injection attacks: How protected is your llm-integrated web application?","year":"2023"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2024.findings-acl.791"},{"key":"ref22","article-title":"Certifying llm safety against adversarial prompting","author":"Kumar","year":"2023","journal-title":"arXiv preprint"},{"key":"ref23","article-title":"Sok: Understanding vulnerabilities in the large language model supply chain","author":"Wang","year":"2025","journal-title":"arXiv preprint"},{"key":"ref24","article-title":"A comprehensive survey in llm (agent) full stack safety: Data, training and deployment","author":"Wang","year":"2025","journal-title":"arXiv preprint"},{"key":"ref25","article-title":"Jailbroken: How does llm safety training fail?","volume":"36","author":"Wei","year":"2024","journal-title":"Advances in Neural Information Processing Systems"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1145\/3715007"},{"key":"ref27","volume-title":"GitHub Advisory Database - github.com","year":"2025"},{"key":"ref28","volume-title":"apace-lab\/Security_of_LPA_and_LIF-AIware2025 - github.com","year":"2025"},{"key":"ref29","volume-title":"Large language models as software components: A taxonomy for llm-integrated applications","author":"Weber","year":"2024"},{"key":"ref30","volume-title":"Whispers in the machine: Confidentiality in llm-integrated systems","author":"Evertz","year":"2024"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.59287\/icaens.1127"},{"key":"ref32","volume-title":"Tone Detector and Tone Suggestions - Grammarly - 
grammarly.com","year":"2025"},{"key":"ref33","volume-title":"Unlocking Efficiency: How Ava Became Our AI Productivity Partner - instacart.com","year":"2025"},{"key":"ref34","article-title":"Rising fast, prone to risk: How open-source llm-powered apps are designed and secured","volume-title":"Proceedings of the 2025 International Workshop on Artificial Intelligence \u00d7 Software Engineering (AIxSE)","author":"Gomezrangel","year":"2025"},{"key":"ref35","volume-title":"ollama\/ollama: Get up and running with Llama 3, Mistral, Gemma, and other large language models. - github.com","year":"2024"},{"key":"ref36","volume-title":"ggml-org\/llama.cpp: LLM inference in C\/C++ - github.com","year":"2025"},{"key":"ref37","volume-title":"Localai: The free, open source openai alternative","author":"Giacinto","year":"2023"},{"key":"ref38","volume-title":"OWASP Top 10 API Security Risks \u2013 2023 - OWASP API Security Top 10 - owasp.org","year":"2024"},{"key":"ref39","volume-title":"Api security: Latest insights & key trends - 2022 research report","year":"2024"},{"key":"ref40","first-page":"1","article-title":"Demystifying and detecting misuses of deep learning apis","volume-title":"Proceedings of the IEEE\/ACM 46th International Conference on Software Engineering","author":"Wei","year":"2024"},{"key":"ref41","volume-title":"Risk-Assessment-Framework\/Raf-Scanner: Raf Scanner IDE","year":"2024"},{"key":"ref42","volume-title":"OWASP\/RiskAssessmentFramework: The Secure Coding Framework","year":"2024"},{"key":"ref43","first-page":"35","article-title":"A security api for distributed social networks","volume":"11","author":"Backes","year":"2011","journal-title":"Ndss"},{"key":"ref44","volume-title":"Detecting misuses of security apis: A systematic review","year":"2023"},{"key":"ref45","volume-title":"What is Apigee?: Google Cloud - cloud.google.com","year":"2024"},{"key":"ref46","volume-title":"Cloud Armor Network Security - 
cloud.google.com","year":"2024"},{"key":"ref47","volume-title":"reCAPTCHA - cloud.google.com","year":"2024"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1145\/3620666.3651380"},{"key":"ref49","article-title":"Muscle: A model update strategy for compatible llm evolution","author":"Echterhoff","year":"2024","journal-title":"arXiv preprint"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1145\/3643757"},{"key":"ref51","volume-title":"Beyond the comfort zone: Emerging solutions to overcome challenges in integrating llms into software products","author":"Nahar","year":"2024"},{"key":"ref52","volume-title":"The challenges of evaluating llm applications: An analysis of automated, human, and llm-based approaches","author":"Abeysinghe","year":"2024"},{"key":"ref53","volume-title":"Deconstructing the ethics of large language models from long-standing issues to new-emerging dilemmas: A survey","author":"Deng","year":"2024"},{"key":"ref54","volume-title":"PyCQA\/bandit: Bandit is a tool designed to find common security issues in Python code. - github.com","year":"2025"},{"key":"ref55","volume-title":"Docs home - Semgrep - semgrep.dev","year":"2025"},{"key":"ref56","volume-title":"protectai\/llm-guard: The Security Toolkit for LLM Interactions github.com","year":"2025"},{"key":"ref57","volume-title":"google\/osv-scanner: Vulnerability scanner written in Go which uses the data provided","year":"2025"},{"key":"ref58","volume-title":"OSV - Open Source Vulnerabilities - osv.dev","year":"2025"},{"key":"ref59","volume-title":"Agents \u2014 langchain.com","year":"2025"},{"key":"ref60","volume-title":"open-webui\/open-webui: User-friendly AI Interface (Supports Ollama, OpenAI API,\u2026 ) - github.com","year":"2025"},{"key":"ref61","volume-title":"ChatGPTNextWeb\/NextChat: Light and Fast AI Assistant. 
Support: Web - iOS - MacOS - Android - Linux - Windows github.com","year":"2025"},{"key":"ref62","article-title":"lobehub\/lobe-chat: Lobe Chat - an open-source, modern-design LLMs\/AI chat framework","volume-title":"Supports Multi AI Providers (OpenAI \/ Claude 3 \/ Gemini \/ Perplexity \/ Bedrock \/ Azure \/ Mistral \/ Ollama), Multi-Modals (Vision\/TTS) and plugin system. One-click FREE deployment of your private ChatGPT chat application","year":"2024"},{"key":"ref63","volume-title":"infiniflow\/ragflow: RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine based on deep document understanding. - github.com","year":"2025"},{"key":"ref64","article-title":"Mintplex-Labs\/anything-llm: A multi-user ChatGPT for any LLMs and vector database","volume-title":"Unlimited documents, messages, and storage in one privacy-focused app. Now available as a desktop application with a built-in LLM!","year":"2024"},{"key":"ref65","volume-title":"mendableai\/firecrawl: Turn entire websites into LLM-ready markdown or structured data. Scrape, crawl and extract with a single API. github.com","year":"2025"},{"key":"ref66","volume-title":"khoj-ai\/khoj: Your AI second brain. Self-hostable. Get answers from the web or your docs. Build custom agents, schedule automations, do deep research. Turn any online or local LLM into your personal, autonomous AI (gpt, claude, gemini, llama, qwen, mistral). github.com","year":"2025"},{"key":"ref67","volume-title":"GaiZhenbiao\/ChuanhuChatGPT: GUI for ChatGPT API and many LLMs. Supports agents, file-based QA, GPT finetuning and query with web search. All with a neat UI","year":"2024"},{"key":"ref68","volume-title":"arc53\/DocsGPT: DocsGPT is an open-source genAI tool that helps users get reliable answers from knowledge source, while avoiding hallucinations. It enables private and reliable information retrieval, with tooling and agentic system capability built in. 
- github.com","year":"2025"},{"key":"ref69","volume-title":"onyx-dot-app\/onyx: Gen-AI Chat for Teams - Think ChatGPT if it had access to your team\u2019s unique knowledge. - github.com","year":"2025"},{"key":"ref70","volume-title":"vllm-project\/vllm: A high-throughput and memory-efficient inference and serving engine for LLMs","year":"2024"},{"key":"ref71","volume-title":"aws\/sagemaker-python-sdk: A library for training and deploying machine learning models on Amazon SageMaker - github.com","year":"2025"},{"key":"ref72","volume-title":"REST API endpoints for search - GitHub Docs - docs.github.com","year":"2025"},{"key":"ref73","volume-title":"NVD: National vulnerability database - Home - nvd.nist.gov","year":"2025"},{"key":"ref74","doi-asserted-by":"publisher","DOI":"10.1145\/3308558.3313521"},{"key":"ref75","doi-asserted-by":"publisher","DOI":"10.1145\/3634737.3659433"},{"key":"ref76","first-page":"1033","article-title":"You\u2019ve got vulnerability: Exploring effective vulnerability notifications","volume-title":"25th USENIX Security Symposium (USENIX Security 16)","author":"Li","year":"2016"},{"issue":"3","key":"ref77","doi-asserted-by":"crossref","DOI":"10.1007\/s10664-021-09951-x","article-title":"Lags in the release, adoption, and propagation of npm vulnerability fixes","volume":"26","author":"Chinthanet","year":"2021","journal-title":"Empirical Softw. Engg."},{"key":"ref78","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-016-9469-x"},{"key":"ref79","first-page":"359","article-title":"How long do vulnerabilities live in the code? 
a {Large-Scale} empirical measurement study on {FOSS} vulnerability lifetimes","volume-title":"31st USENIX Security Symposium (USENIX Security 22)","author":"Alexopoulos","year":"2022"},{"key":"ref80","article-title":"Prompt flow integrity to prevent privilege escalation in llm agents","author":"Kim","year":"2025","journal-title":"arXiv preprint"},{"key":"ref81","article-title":"Permissioned llms: Enforcing access control in large language models","author":"Jayaraman","year":"2025","journal-title":"arXiv preprint"},{"key":"ref82","article-title":"Llm access shield: Domain-specific llm framework for privacy policy compliance","author":"Wang","year":"2025","journal-title":"arXiv preprint"},{"key":"ref83","volume-title":"Dependabot - github.com","year":"2025"},{"key":"ref84","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363191"},{"key":"ref85","doi-asserted-by":"publisher","DOI":"10.1145\/1952982.1952984"},{"key":"ref86","doi-asserted-by":"publisher","DOI":"10.1145\/3274694.3274714"},{"key":"ref87","volume-title":"Demystifying cost-efficiency in llm serving over heterogeneous gpus","author":"Jiang","year":"2025"},{"key":"ref88","volume-title":"Remote Code Execution Vulnerability in vLLM Multi-Node Cluster Configuration - github.com","year":"2025"},{"key":"ref89","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2012.6227209"},{"key":"ref90","doi-asserted-by":"publisher","DOI":"10.1145\/3485447.3512236"},{"key":"ref91","article-title":"Open source, open threats? 
investigating security challenges in open-source software","volume-title":"arXiv preprint","author":"Akhavani","year":"2025"},{"key":"ref92","volume-title":"Android Chat SDK - Kotlin Messaging SDK - getstream.io","year":"2024"},{"key":"ref93","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134072"},{"key":"ref94","doi-asserted-by":"publisher","DOI":"10.1109\/ICSME52107.2021.00048"},{"key":"ref95","article-title":"Building LLM Powered Applications: Create intelligent apps and agents with large language models","author":"Alto","year":"2024","journal-title":"Packt Publishing Ltd"},{"key":"ref96","doi-asserted-by":"publisher","DOI":"10.1109\/ICDEW67478.2025.00007"},{"key":"ref97","doi-asserted-by":"publisher","DOI":"10.1145\/3669940.3707264"},{"key":"ref98","article-title":"Multi-agent collaboration mechanisms: A survey of llms","author":"Tran","year":"2025","journal-title":"arXiv preprint"},{"key":"ref99","doi-asserted-by":"publisher","DOI":"10.1109\/ASE51524.2021.9678720"},{"key":"ref100","doi-asserted-by":"publisher","DOI":"10.1145\/3715738"}],"event":{"name":"2025 2nd IEEE\/ACM International Conference on AI-powered Software (AIware)","location":"Seoul, Korea, Republic of","start":{"date-parts":[[2025,11,19]]},"end":{"date-parts":[[2025,11,20]]}},"container-title":["2025 2nd IEEE\/ACM International Conference on AI-powered Software 
(AIware)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/11334058\/11334196\/11334709.pdf?arnumber=11334709","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,2,11]],"date-time":"2026-02-11T20:48:51Z","timestamp":1770842931000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11334709\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,19]]},"references-count":100,"URL":"https:\/\/doi.org\/10.1109\/aiware69974.2025.00024","relation":{},"subject":[],"published":{"date-parts":[[2025,11,19]]}}}