Anomaly Detection Unleashed: From Zero-Shot Time Series to Secure AI Ecosystems
Latest 50 papers on anomaly detection: Sep. 29, 2025
Anomaly detection is the unsung hero of AI/ML, crucial for everything from cybersecurity and industrial safety to medical diagnostics and financial fraud prevention. In an increasingly complex and data-rich world, identifying the ‘odd one out’ is more challenging—and more vital—than ever. Recent research highlights a fascinating wave of innovation, pushing the boundaries of what’s possible, from leveraging foundational models and graph neural networks to integrating quantum computing and agentic AI.
The Big Idea(s) & Core Innovations
Many recent breakthroughs converge on enhancing the adaptability and robustness of anomaly detection systems, often by minimizing reliance on labeled data or by capturing richer contextual information. A standout is the emergence of zero-shot learning and foundation models. Researchers from Tsinghua University and Huawei, in their paper “Towards Foundation Models for Zero-Shot Time Series Anomaly Detection: Leveraging Synthetic Data and Relative Context Discrepancy”, introduce TimeRCD. This novel model tackles the limitations of reconstruction-based methods by focusing on relative context discrepancies between adjacent time windows, using a large-scale synthetic dataset for effective pre-training.
Similarly, in computer vision, zero-shot anomaly localization is gaining traction. “A Single Image Is All You Need: Zero-Shot Anomaly Localization Without Training Data” by researchers from Georgia Tech and Arizona State University introduces SSDnet, which identifies anomalies in single images without any training data. This is achieved by leveraging the inductive bias of CNNs and perceptual losses, making it robust to noise and missing pixels. Pushing this further into dynamic media, “AnyAnomaly: Zero-Shot Customizable Video Anomaly Detection with LVLM” from Yonsei University presents AnyAnomaly, the first zero-shot customizable video anomaly detection system. It uses large vision-language models (LVLMs) to allow users to define abnormal events via text prompts, significantly improving accessibility without fine-tuning.
Graph-based approaches are also revolutionizing anomaly detection in complex, interconnected systems. For dynamic networks, Kyoto University researchers, in “Robust Anomaly Detection Under Normality Distribution Shift in Dynamic Graphs”, propose WhENDS, an unsupervised method that addresses normality distribution shift by aligning edge embeddings to a standard Gaussian distribution. This prevents normal instances from being misclassified as anomalies. Meanwhile, George Mason University’s “Graph Enhanced Trajectory Anomaly Detection” introduces GETAD, which integrates road network structure and semantics into trajectory modeling to detect subtle anomalies in movement patterns using Graph Attention Networks (GATs) and a multi-objective loss function.
For securing complex systems, AI-driven defense mechanisms are taking center stage. “Adaptive Cybersecurity Architecture for Digital Product Ecosystems Using Agentic AI” by Oluwakemi Adebayo from the University of Technology, Nigeria, showcases how agentic AI can autonomously detect and adapt to threats in real time, reducing the need for manual intervention. In a similar vein, “Sentinel Agents for Secure and Trustworthy Agentic AI in Multi-Agent Systems” by Diego Gosmar and Deborah A. Dahl proposes a framework with LLM-based Sentinel Agents for semantic analysis and anomaly detection to counter prompt injection and collusive behavior.
Addressing the unique challenges of specific domains, several papers offer tailored solutions. For blockchain security, “BlockScan: Detecting Anomalies in Blockchain Transactions” by researchers from UC Santa Barbara, Meta AI, NYU, and Northwestern University introduces BlockScan, a customized Transformer model that effectively handles multimodal blockchain data, achieving superior performance on Ethereum and Solana. In precision agriculture, Georgia Institute of Technology and University of Nebraska-Lincoln researchers, in “SPADE: A Large Language Model Framework for Soil Moisture Pattern Recognition and Anomaly Detection in Precision Agriculture”, leverage LLMs for zero-shot, interpretable analysis of soil moisture data, outperforming existing methods without training or fine-tuning.
Under the Hood: Models, Datasets, & Benchmarks
The innovations above are powered by a blend of sophisticated models, new evaluation paradigms, and carefully curated datasets:
- Foundation Models for Time Series: TimeRCD (https://arxiv.org/pdf/2509.21190) and MOMEMTO (https://arxiv.org/pdf/2509.18751) from Pohang University of Science and Technology address generalization in time series anomaly detection with memory-augmented and patch-based architectures, respectively.
- New Benchmarks: “Lossless Compression: A New Benchmark for Time Series Model Evaluation” introduces TSCom-Bench (https://anonymous.4open.science/r/TSCom-Bench-8262), an open-source framework using lossless compression as a rigorous evaluation metric for time series models.
- Graph-Enhanced Models: DGSP-GCN (for dynamic networks, https://arxiv.org/pdf/2406.11901) and GETAD (for trajectory analysis, https://arxiv.org/pdf/2509.18386) use advanced Graph Neural Networks (GNNs) with attention mechanisms and graph-based positional encodings.
- Domain-Specific Datasets: ISP-AD (https://arxiv.org/pdf/2503.04997) provides a large-scale industrial dataset with synthetic and real defects for visual anomaly detection, while DCAD-2000 (https://huggingface.co/datasets/openbmb/DCAD-2000) offers a multilingual dataset for LLMs with data cleaning framed as anomaly detection.
- Hybrid & Quantum Approaches: “Quantum Enhanced Anomaly Detection for ADS-B Data using Hybrid Deep Learning” by University of Waterloo and Xanadu Quantum Technologies demonstrates the potential of hybrid quantum-classical models for aviation data. “Hybrid Reputation Aggregation: A Robust Defense Mechanism for Adversarial Federated Learning in 5G and Edge Network Environments” from the University of Oulu presents HRA, a robust aggregation mechanism for federated learning in 5G networks, combining geometric anomaly detection with reputation tracking.
- Vision Models & Embeddings: “Anomaly Detection by Clustering DINO Embeddings using a Dirichlet Process Mixture” (ETH Zurich) leverages DINOv2 embeddings with a Dirichlet Process Mixture Model for efficient medical imaging anomaly detection. “Two Is Better Than One: Aligned Representation Pairs for Anomaly Detection” (ETH Zurich) introduces Con2, using context augmentations based on natural data symmetries.
Many of these papers also offer public code repositories, inviting further exploration. For example, TSCom-Bench is available at https://anonymous.4open.science/r/TSCom-Bench-8262, SSDnet at https://github.com/mehrdadmoradi124/SSDnet, and GraphIDS for network intrusion detection at https://github.com/lorenzo9uerra/GraphIDS.
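To make the HRA bullet's pairing of geometric anomaly detection with reputation tracking concrete, here is an added sketch of that general defensive idea for federated aggregation. It is not the HRA algorithm and not code from the paper; the median/MAD outlier test, the constants `DECAY` and `MAD_K`, and the client updates are all assumptions constructed for illustration.

```python
# Simplified illustration only: NOT the HRA algorithm from the paper.
# DECAY, MAD_K and every sample update below are constructed assumptions.
from statistics import median

DECAY = 0.5   # assumed weight given to a client's reputation history
MAD_K = 3.0   # assumed cutoff: distance > median + K * MAD counts as an outlier

def l2(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b)) ** 0.5

def aggregate_round(updates, reputation):
    """updates: {client: [floats]}; reputation: {client: score in [0, 1]}, mutated."""
    dims = range(len(next(iter(updates.values()))))
    # Geometric reference point: coordinate-wise median of all client updates.
    center = [median(u[d] for u in updates.values()) for d in dims]
    dist = {c: l2(u, center) for c, u in updates.items()}
    med = median(dist.values())
    mad = median(abs(d - med) for d in dist.values()) or 1e-12
    flagged = {c for c, d in dist.items() if d > med + MAD_K * mad}
    for c in updates:
        score = 0.0 if c in flagged else 1.0
        reputation[c] = DECAY * reputation.get(c, 1.0) + (1 - DECAY) * score
    # Flagged clients are dropped this round; the rest are weighted by reputation.
    weights = {c: reputation[c] for c in updates if c not in flagged}
    total = sum(weights.values())
    if total == 0:
        return center, flagged  # nobody trusted: fall back to the median
    agg = [sum(weights[c] * updates[c][d] for c in weights) / total for d in dims]
    return agg, flagged

def demo():
    rep = {}
    honest = {"c0": [0.10, -0.20], "c1": [0.12, -0.18],
              "c2": [0.09, -0.21], "c3": [0.11, -0.19]}
    history = []
    for _ in range(3):
        updates = dict(honest, c4=[5.0, 5.0])  # constructed poisoned update
        agg, flagged = aggregate_round(updates, rep)
        history.append((agg, sorted(flagged)))
    # Round 4: c4 sends an in-range update but still carries low reputation.
    agg, flagged = aggregate_round(dict(honest, c4=[0.13, -0.17]), rep)
    return history, agg, sorted(flagged), rep

if __name__ == "__main__":
    print(demo())
```

In the fourth round the previously flagged client passes the geometric check, yet its update is down-weighted because its reputation has only partly recovered. That carry-over between rounds is what reputation tracking adds over a per-round outlier filter.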
Impact & The Road Ahead
The impact of these advancements is profound, touching critical areas from securing smart grids and industrial IoT to improving healthcare diagnostics and financial fraud detection. The shift towards zero-shot and few-shot learning dramatically reduces the need for vast labeled datasets, making advanced anomaly detection accessible to more domains, especially those with scarce data. The integration of foundation models and LLMs promises more interpretable and adaptable systems that can reason about anomalies in human-like ways, as seen with LogReasoner (https://arxiv.org/pdf/2509.20798) for log analysis and MicroRCA-Agent (https://arxiv.org/pdf/2509.15635) for microservice root cause analysis.
Moreover, the focus on robustness against distribution shifts (WhENDS, https://arxiv.org/pdf/2509.17400) and adversarial attacks (HRA, https://arxiv.org/pdf/2509.18044; BETA, https://arxiv.org/pdf/2509.17987) highlights a growing maturity in building trustworthy AI systems. As AI becomes more deeply embedded in critical infrastructure, these capabilities will be indispensable. The emergence of hybrid quantum-classical approaches (https://arxiv.org/pdf/2509.15991) also hints at a future where even more powerful computational paradigms are harnessed for anomaly detection.
The road ahead involves creating even more generalizable models, developing standardized benchmarks that reflect real-world complexities (like TSCom-Bench, https://arxiv.org/pdf/2509.21002), and ensuring these powerful tools are energy-efficient and scalable for pervasive deployment. The ongoing convergence of AI with other fields, from physics-informed models (Pi-Transformer, https://arxiv.org/pdf/2509.19985) to explainable AI for autonomous driving (Eloss, https://arxiv.org/pdf/2509.16277), promises an exciting future where anomalies are not just detected, but understood and predicted with unprecedented accuracy and insight.