Update LLM08 vector and embedding weaknesses section with changes requested in #24#71

Open
S3DFX-CYBER wants to merge 1 commit into GenAI-Security-Project:main from S3DFX-CYBER:main

Conversation

@S3DFX-CYBER commented May 16, 2026

LLM08:2026 Sprint 2 — Reviewer Feedback Resolution

Addresses all four items flagged during Sprint 1 review in #24.

Changes

Risk 2 — Embedding Inversion

  • Added inline paper names: Vec2Text (Morris et al., EMNLP 2023, arXiv:2310.06816), ZSInvert (Zhang, Morris, Shmatikov, arXiv:2504.00147), and Zero2Text (Kim et al., arXiv:2602.01757) to replace the generic "recent zero-shot and few-shot methods" phrasing. All three were already in the reference list.

Risk 6 — Semantic Cache and Deduplication Poisoning

  • Added inline citations for Wu et al. (NDSS 2026, "When Cache Poisoning Meets LLM Systems") and Zhao & Mastorakis et al. (arXiv:2601.23088) to satisfy the reviewer requirement that every Common Example have at least one paper or CVE.

Risk 7 — Multimodal Embedding Poisoning

  • Added inline names for MM-PoisonRAG (Ha et al., arXiv:2502.17832) and Poisoned-MRAG (Liu et al., arXiv:2503.06254), which were in the reference list but not cited in the body.
  • Added inline citation for "One Pic is All it Takes" (arXiv:2504.02132), which was missing from both the body and the reference list.

Reference List

Added (3)

  • Ref 15: One Pic is All it Takes — arXiv:2504.02132
  • Ref 16: Wu et al., When Cache Poisoning Meets LLM Systems — NDSS 2026
  • Ref 17: Zhao & Mastorakis et al., Black-box Key-Collision Attacks on Semantic Caches — arXiv:2601.23088

Removed (1)

  • Castagnaro et al., The Hidden Threat in Plain Text (AISec '25, arXiv:2507.05093) — orphaned after Parse-vs-Render coverage moved to LLM01 during scope tightening

Net ref count: 18 → 20

ENTRY LEADS: @S3DFX-CYBER and @arshi016
PROJECT LEADS: @virtualsteve-star and @rocklambros

…uested in sprint 1 pr

Signed-off-by: Savio Dsouza  <saviodsouza8a@gmail.com>
@S3DFX-CYBER requested a review from arshi016 as a code owner May 16, 2026 07:37
@S3DFX-CYBER requested a review from rocklambros May 16, 2026 11:16