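% References on adversarial robustness of NLP models and large language models.
%
% Conventions used in this file:
%   - One field per line; names are written "Last, First" and joined with " and ".
%   - Non-ASCII letters in names are written as LaTeX escapes in BibTeX
%     special-character form, so sorting and labels are also correct under
%     classic 8-bit BibTeX.
%   - Acronyms and product names in titles are brace-protected so that
%     sentence-casing styles do not lowercase them.
%   - arXiv identifiers stay in the journal field, as in the original file, so
%     the rendered output of existing styles does not change.
%   - Entries that use \url in howpublished need the url or hyperref package
%     loaded in the document.

article{jin2020bertrobust,
  title   = {Is {BERT} Really Robust? {A} Strong Baseline for Natural Language Attack on Text Classification and Entailment},
  author  = {Jin, Di and Jin, Zhijing and Zhou, Joey Tianyi and Szolovits, Peter},
  journal = {arXiv preprint arXiv:1907.11932},
  year    = {2020},
}

@article{cer2018use,
  title   = {Universal Sentence Encoder},
  author  = {Cer, Daniel and Yang, Yinfei and Kong, Sheng-yi and Hua, Nan and Limtiaco, Nicole and St. John, Rhomni and Constant, Noah and Guajardo-Cespedes, Mario and Yuan, Steve and Tar, Chris and others},
  journal = {arXiv preprint arXiv:1803.11175},
  year    = {2018},
}

% The surname of the second author is the two-word "O Seaghdha" (with accents);
% the original entry filed the particle under the given name, which made the
% author sort and abbreviate incorrectly.
@article{mrksic2016counterfitting,
  title   = {Counter-fitting Word Vectors to Linguistic Constraints},
  author  = {Mrk{\v{s}}i{\'c}, Nikola and {\'O} S{\'e}aghdha, Diarmuid and Thomson, Blaise and Ga{\v{s}}i{\'c}, Milica and Rojas-Barahona, Lina M. and Su, Pei-Hao and Vandyke, David and Wen, Tsung-Hsien and Young, Steve},
  journal = {arXiv preprint arXiv:1603.00892},
  year    = {2016},
}

@misc{textattack2020framework,
  author       = {Morris, John and Lifland, Eli and Yoo, Jin and Grigsby, Jake and Jin, Di and Qi, Yanjun},
  title        = {{TextAttack}: A Framework for Adversarial Attacks, Data Augmentation, and Adversarial Training in {NLP}},
  year         = {2020},
  howpublished = {\url{https://arxiv.org/pdf/2005.05909.pdf}},
}

@article{jia2017adversarial,
  title   = {Adversarial Examples for Evaluating Reading Comprehension Systems},
  author  = {Jia, Robin and Liang, Percy},
  journal = {arXiv preprint arXiv:1707.07328},
  year    = {2017},
}

@article{omar2022robust,
  title   = {Robust Natural Language Processing: Recent Advances, Challenges, and Future Directions},
  author  = {Omar, Marwan and Choi, Soohyeon and Nyang, DaeHun and Mohaisen, David},
  journal = {IEEE Access},
  volume  = {10},
  pages   = {86038--86056},
  year    = {2022},
}

@article{huang2024semantic,
  title   = {Defense against adversarial attacks via textual embeddings based on semantic associative field},
  author  = {Huang, J. and Chen, L.},
  journal = {Neural Computing and Applications},
  volume  = {36},
  pages   = {289--301},
  year    = {2024},
}

@article{chen2025worstcase,
  title   = {Towards the Worst-case Robustness of Large Language Models},
  author  = {Chen, H. and Dong, Y. and Wei, Z. and Su, H. and Zhu, J.},
  journal = {arXiv preprint arXiv:2501.19040},
  year    = {2025},
}

% News source rather than a peer-reviewed paper. NOTE(review): the URL was not
% checked as part of this clean-up; confirm it resolves and record an access
% date before relying on it for a security claim.
% The month uses the predefined macro (unquoted) so styles can localise it.
@misc{wsj2025securityrisks,
  author       = {{The Wall Street Journal}},
  title        = {Large Language Models Pose Growing Security Risks},
  year         = {2025},
  month        = feb,
  howpublished = {\url{https://www.wsj.com/articles/large-language-models-pose-growing-security-risks-f3c84ea9}},
  note         = {[Online]},
}

% Corporate author: the extra brace pair keeps the name from being parsed as
% given names "Mistral AI" plus surname "Team".
@misc{mistral2023,
  author       = {{Mistral AI Team}},
  title        = {Announcing {Mistral 7B}},
  year         = {2023},
  howpublished = {\url{https://mistral.ai/news/announcing-mistral-7b}},
  note         = {[Online]},
}

@article{rajpurkar2016,
  author  = {Rajpurkar, P. and Zhang, J. and Lopyrev, K. and Liang, P.},
  title   = {{SQuAD}: 100,000+ Questions for Machine Comprehension of Text},
  journal = {arXiv preprint arXiv:1606.05250},
  year    = {2016},
  url     = {https://arxiv.org/pdf/1606.05250.pdf},
}

@article{yang2024,
  author  = {Yang, Z. and Meng, Z. and Zheng, X. and Wattenhofer, R.},
  title   = {Assessing Adversarial Robustness of Large Language Models: An Empirical Study},
  journal = {arXiv preprint arXiv:2405.02764},
  year    = {2024},
  url     = {https://arxiv.org/pdf/2405.02764.pdf},
}

@article{vitorino2024,
  author  = {Vitorino, J. and Maia, E. and Pra{\c{c}}a, I.},
  title   = {Adversarial Evasion Attack Efficiency against Large Language Models},
  journal = {arXiv preprint arXiv:2406.08050v1},
  year    = {2024},
  url     = {https://arxiv.org/pdf/2406.08050v1.pdf},
}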