S. Ashwin Hebbar

CR
h-index: 55
3 papers
20 citations
Novelty: 73%
AI Score: 48

3 Papers

IT, Apr 16
Deep-OFDM: Neural Modulation for High Mobility

S. Ashwin Hebbar, Sravan Kumar Ankireddy, Harshithanjani Athi et al.

Orthogonal Frequency Division Multiplexing (OFDM) is the dominant waveform in modern wireless systems, but suffers performance degradation in high-mobility environments due to Doppler-induced inter-carrier interference and unreliable pilot-based channel estimation. Neural receivers have recently shown strong performance in OFDM systems by learning equalization and detection directly from the received time-frequency grid. However, when channel estimation becomes unreliable, receiver-side learning alone is insufficient to fully recover performance. In this work we introduce DeepOFDM, a learnable modulation framework that augments conventional OFDM with a lightweight convolutional neural network (CNN) modulator jointly optimized with a neural receiver. Instead of mapping symbols independently to resource elements, DeepOFDM spreads information across local time-frequency neighborhoods while remaining fully compatible with FFT-based OFDM processing. The learned modulation breaks the rotational symmetry of conventional QAM constellations, enabling the receiver to infer residual phase directly from data symbols. This structure allows reliable operation with sparse pilots and even in fully pilotless settings. Extensive simulations demonstrate improvements in block error rate and goodput under high Doppler, while over-the-air experiments confirm practical feasibility. These results highlight the potential of transmitter-receiver co-design for robust and spectrally efficient AI-native physical layer design.

CR, Mar 20, 2025
Real AI Agents with Fake Memories: Fatal Context Manipulation Attacks on Web3 Agents

Atharv Singh Patlan, Peiyao Sheng, S. Ashwin Hebbar et al.

AI agents integrated with Web3 offer autonomy and openness but raise security concerns as they interact with financial protocols and immutable smart contracts. This paper investigates the vulnerabilities of AI agents within blockchain-based financial ecosystems when exposed to adversarial threats in real-world scenarios. We introduce the concept of context manipulation -- a comprehensive attack vector that exploits unprotected context surfaces, including input channels, memory modules, and external data feeds. It expands on traditional prompt injection and reveals a more stealthy and persistent threat: memory injection. Using ElizaOS, a representative decentralized AI agent framework for automated Web3 operations, we showcase that malicious injections into prompts or historical records can trigger unauthorized asset transfers and protocol violations which could be financially devastating in reality. To quantify these risks, we introduce CrAIBench, a Web3-focused benchmark covering 150+ realistic blockchain tasks, such as token transfers, trading, bridges, and cross-chain interactions, and 500+ attack test cases using context manipulation. Our evaluation results confirm that AI models are significantly more vulnerable to memory injection compared to prompt injection. Finally, we evaluate a comprehensive defense roadmap, finding that prompt-injection defenses and detectors only provide limited protection when stored context is corrupted, whereas fine-tuning-based defenses substantially reduce attack success rates while preserving performance on single-step tasks. These results underscore the urgent need for AI agents that are both secure and fiduciarily responsible in blockchain environments.

CR, Nov 21, 2025
MURMUR: Using cross-user chatter to break collaborative language agents in groups

Atharv Singh Patlan, Peiyao Sheng, S. Ashwin Hebbar et al.

Language agents are rapidly expanding from single-user assistants to multi-user collaborators in shared workspaces and groups. However, today's language models lack a mechanism for isolating user interactions and concurrent tasks, creating a new attack vector inherent to this new setting: cross-user poisoning (CUP). In a CUP attack, an adversary injects ordinary-looking messages that poison the persistent, shared state, which later triggers the agent to execute unintended, attacker-specified actions on behalf of benign users. We validate CUP on real systems, successfully attacking popular multi-user agents. To study the phenomenon systematically, we present MURMUR, a framework that composes single-user tasks into concurrent, group-based scenarios using an LLM to generate realistic, history-aware user interactions. We observe that CUP attacks succeed at high rates and their effects persist across multiple tasks, thus posing fundamental risks to multi-user LLM deployments. Finally, we introduce a first-step defense with task-based clustering to mitigate this new class of vulnerability.