Anomaly Detection Unleashed: From Zero-Shot Vision to Explainable Time Series and Resilient Networks
Latest 50 papers on anomaly detection: Oct. 6, 2025
Anomaly detection is the unsung hero of AI/ML, diligently sifting through oceans of data to spot the subtle deviations that signal critical issues—be it a cyberattack, a faulty machine, or a health concern. It’s a field constantly evolving, driven by the need for more robust, efficient, and interpretable methods in increasingly complex domains. Recent breakthroughs, as highlighted by a compelling collection of new research, are pushing the boundaries of what’s possible, from training-free approaches to models that inherently understand ‘normal’ from ‘abnormal’.
The Big Idea(s) & Core Innovations
One of the most exciting trends is the move towards generalist and zero-shot anomaly detection, drastically reducing the need for extensive labeled data. “A Single Image Is All You Need: Zero-Shot Anomaly Localization Without Training Data” by Mehrdad Moradi et al. from Georgia Tech and Arizona State University introduces SSDnet, which performs robust anomaly localization on a single image without any prior training, leveraging convolutional neural networks’ inductive bias and perceptual losses. This is echoed in industrial settings by the “PatchEAD: Unifying Industrial Visual Prompting Frameworks for Patch-Exclusive Anomaly Detection” framework by Po-Han Huang et al. from Inventec Corporation, which provides training-free, patch-level anomaly detection crucial for quality control. This ability of models to implicitly understand ‘normal’ is further explored by Chun-Liang Li et al. (MIT, Google Research, Stanford University) in “Foundation Visual Encoders Are Secretly Few-Shot Anomaly Detectors”, which reveals that foundation visual encoders inherently detect anomalies by leveraging the natural image manifold.
Driving this generalization is the innovative use of Large Language Models (LLMs) and Vision-Language Models (VLMs). “PANDA: Towards Generalist Video Anomaly Detection via Agentic AI Engineer” by Zhiwei Yang et al. from Xidian University introduces an agentic AI engineer that enables generalist video anomaly detection without training data or manual involvement, leveraging self-adaptive strategy planning and self-reflection. Similarly, Shu Zou et al. (Australian National University) in “Unlocking Vision-Language Models for Video Anomaly Detection via Fine-Grained Prompting” present ASK-HINT, a framework that enhances VAD by using fine-grained, action-centric prompts with frozen VLMs. For time series, “AXIS: Explainable Time Series Anomaly Detection with Large Language Models” by Tian Lan et al. (Tsinghua University, Huawei) turns LLMs into explainable anomaly detectors that provide intuitive, context-aware rationales.
Beyond vision and language, breakthroughs are enhancing the robustness and efficiency of anomaly detection in critical infrastructure. In cybersecurity, Oluwakemi Adebayo (University of Technology, Nigeria) presents an “Adaptive Cybersecurity Architecture for Digital Product Ecosystems Using Agentic AI” that dynamically detects and responds to threats. For networked systems, PUL-Inter-slice Defender, introduced by John Doe et al. from University of Technology in “PUL-Inter-slice Defender: An Anomaly Detection Solution for Distributed Slice Mobility Attacks”, uses machine learning to detect subtle distributed slice mobility attacks. Guolei Zeng et al. (University of Oxford, Singapore Management University) address semi-supervised graph anomaly detection with “Normality Calibration in Semi-supervised Graph Anomaly Detection” (GraphNC), calibrating normality learning to reduce false positives and false negatives. In time series, “Pi-Transformer: A Physics-informed Attention Mechanism for Time Series Anomaly Detection” by Sepehr Maleki et al. (University of Lincoln, Trainline) incorporates physical priors to detect subtle timing and phase irregularities.
Crucially, improved data representation and context utilization are central. “ReTabAD: A Benchmark for Restoring Semantic Context in Tabular Anomaly Detection” by Sanghyu Yoon et al. (LG AI Research, Sungkyunkwan University) introduces the first context-aware tabular AD benchmark, demonstrating how textual metadata significantly boosts performance and interpretability. “UniMMAD: Unified Multi-Modal and Multi-Class Anomaly Detection via MoE-Driven Feature Decompression” by Yuan Zhao et al. (Dalian University of Technology, Nanyang Technological University) offers a unified framework for multi-modal, multi-class anomaly detection using a Mixture-of-Experts approach, enhancing efficiency while reducing domain interference. For time series, “ScatterAD: Temporal-Topological Scattering Mechanism for Time Series Anomaly Detection” by Tao Yin et al. (Chongqing University, University of Oxford) highlights that anomalies exhibit stronger scattering patterns and leverages this for improved detection using temporal and topological features.
Under the Hood: Models, Datasets, & Benchmarks
Recent advancements in anomaly detection are heavily reliant on novel models, curated datasets, and robust benchmarks. Here’s a glimpse into the foundational resources powering these innovations:
- FOUNDAD (from “Foundation Visual Encoders Are Secretly Few-Shot Anomaly Detectors”) is a lightweight few-shot anomaly detection method utilizing nonlinear projection of image embeddings from foundation encoders, demonstrating competitive performance without textual assistance. Code: https://github.com/ymxlzgy/FoundAD
- ASK-HINT (from “Unlocking Vision-Language Models for Video Anomaly Detection via Fine-Grained Prompting”) is a structured prompting framework designed to enhance reasoning capabilities of frozen vision-language models for video anomaly detection, evaluated on UCF-Crime and XD-Violence datasets.
- ReTabAD (from “ReTabAD: A Benchmark for Restoring Semantic Context in Tabular Anomaly Detection”) is a new benchmark featuring 20 curated datasets enriched with textual metadata, alongside state-of-the-art algorithms and a zero-shot LLM framework for context-aware tabular anomaly detection. Code: https://yoonsanghyu.github.io/ReTabAD/
- GraphNC (from “Normality Calibration in Semi-supervised Graph Anomaly Detection”) is a framework for semi-supervised graph anomaly detection, leveraging anomaly score distribution alignment (ScoreDA) and perturbation-based normality regularization (NormReg). It shows consistent improvements across various teacher models. Code: https://github.com/mala-lab/GraphNC
- PUL-Inter-slice Defender (from “PUL-Inter-slice Defender: An Anomaly Detection Solution for Distributed Slice Mobility Attacks”) is a novel framework for detecting distributed slice mobility attacks using machine learning and anomaly detection techniques. Code: https://github.com/PUL-Inter-slice-Defender
- Pi-Transformer (from “Pi-Transformer: A Physics-informed Attention Mechanism for Time Series Anomaly Detection”) is a physics-informed transformer model that uses a dual-pathway attention mechanism to capture amplitude and timing irregularities in multivariate time series. It achieves state-of-the-art results on SMD, MSL, SMAP, SWaT, and PSM datasets. Code: https://github.com/sepehr-m/Pi-Transformer
- PANDA (from “PANDA: Towards Generalist Video Anomaly Detection via Agentic AI Engineer”) is an agentic AI engineer based on MLLMs for generalist video anomaly detection, validated in multi-scenario, open-set, and complex scenarios without training. Code: https://github.com/showlab/PANDA
- UniMMAD (from “UniMMAD: Unified Multi-Modal and Multi-Class Anomaly Detection via MoE-Driven Feature Decompression”) is a unified framework for multi-modal and multi-class anomaly detection, utilizing a Mixture-of-Experts (MoE)-driven feature decompression. It outperforms existing methods on 9 anomaly detection datasets. Code: https://github.com/yuanzhao-CVLAB/UniMMAD
- TShape (from “TShape: Rescuing Machine Learning Models from Complex Shapelet Anomalies”) is a novel approach for detecting complex shapelet patterns in time series data, outperforming current state-of-the-art methods on multiple benchmarks. Code: https://github.com/CSTCloudOps/TShape
- TimeHUT (from “Learning Time-Series Representations by Hierarchical Uniformity-Tolerance Latent Balancing”) proposes hierarchical temperature scheduling and angular margin loss for time-series representation learning, showing competitive results on anomaly detection across diverse datasets. Code: https://github.com/aminjalali-research/TimeHUT
- AXIS (from “AXIS: Explainable Time Series Anomaly Detection with Large Language Models”) is a cross-modal framework using frozen LLMs for explainable time series anomaly detection, introducing a new benchmark with multi-format questions and rationales. Code is assumed to be publicly available.
- PARADISE (from “Anomaly detection by partitioning of multi-variate time series”) is a non-supervised partition-based method for multivariate time series anomaly detection, using correlation coefficients and clustering. It is robust for real-world datasets like WADI, SWaT, and SMD. Code: https://gitlab.irit.fr/sig/theses/pierre-lotte/PARADISE
- ResAD++ (from “ResAD++: Towards Class Agnostic Anomaly Detection via Residual Feature Learning”) enhances class-agnostic anomaly detection via residual feature learning, demonstrating state-of-the-art results on multiple real-world datasets. Code: https://github.com/xcyao00/ResAD
- HyCoVAD (from “HyCoVAD: A Hybrid SSL-LLM Model for Complex Video Anomaly Detection”) is a hybrid self-supervised learning and LLM model for complex video anomaly detection, achieving state-of-the-art results on the ComplexVAD dataset.
- TimeRCD (from “Towards Foundation Models for Zero-Shot Time Series Anomaly Detection: Leveraging Synthetic Data and Relative Context Discrepancy”) introduces a novel foundation model for zero-shot time series anomaly detection using synthetic data and relative context discrepancy, outperforming existing models on diverse datasets.
- DGSP-GCN (from “A Deep Learning Framework for Evaluating Dynamic Network Generative Models and Anomaly Detection”) integrates GCNs with dynamic graph signal processing for evaluating generative models and anomaly detection in dynamic networks, achieving SOTA results on five real-world datasets. Includes datasets like wikivital_mathematics, chickenpox, pedalme_london, METR-LA, and montevideo_bus.
- MOMEMTO (from “MOMEMTO: Patch-based Memory Gate Model in Time Series Foundation Model”) is a time series foundation model specialized in anomaly detection that uses a patch-based memory gate module and multi-domain training. It shows strong results on 23 univariate benchmark datasets.
- SSDnet (from “A Single Image Is All You Need: Zero-Shot Anomaly Localization Without Training Data”) is a zero-shot anomaly detection method for single-image localization. Code: https://github.com/mehrdadmoradi124/SSDnet
- LOG_ICALEPCS23 (from “Unsupervised Log Anomaly Detection with Few Unique Tokens”) is an unsupervised framework using word embeddings and Hidden Markov Models for anomaly detection in sparse log data, specifically tested on European XFEL logs. Code: https://github.com/sulcantonin/LOG_ICALEPCS23
- Chimera (from “United We Stand: Towards End-to-End Log-based Fault Diagnosis via Interactive Multi-Task Learning”) is an open-source toolkit for log-based fault diagnosis and anomaly detection, leveraging an interactive multi-task learning approach. Code: https://github.com/hemh02/Chimera
- TAE-EV-Identification (from “Electric Vehicle Identification from Behind Smart Meter Data”) is an unsupervised deep temporal convolution encoding-decoding network for EV identification from smart meter data. Code: https://github.com/ammar-kamoonaa/TAE-EV-Identification
- UniSage (from “UniSage: A Unified and Post-Analysis-Aware Sampling for Microservices”) is a sampling framework for microservices that improves diagnostic accuracy by integrating analysis results into sampling decisions. It ensures critical failure-related data is retained while reducing storage. Code is not explicitly linked, but its public availability is implied.
- TIMED (from “TIMED: Adversarial and Autoregressive Refinement of Diffusion-Based Time Series Generation”) combines adversarial training with autoregressive refinement to enhance diffusion-based time series generation on financial and synthetic datasets. Code: https://github.com/samresume/TIMED
Impact & The Road Ahead
The impact of these advancements is profound and far-reaching. The move towards zero-shot and few-shot anomaly detection is a game-changer for industries with scarce labeled data, such as manufacturing inspection, medical imaging, and specialized cybersecurity. Imagine a factory floor where new defects are identified instantly without retraining, or an AI system that flags a novel cyberattack pattern the moment it appears. The integration of LLMs and VLMs not only boosts detection accuracy but also significantly enhances interpretability, providing human-understandable explanations for anomalies, a crucial step towards trustworthy AI systems.
Furthermore, the focus on multimodal and context-aware approaches is leading to more robust and generalized anomaly detection across diverse data types—be it structured tabular data, complex video streams, or dynamic network traffic. This holistic view allows models to capture subtle interactions and contextual cues that traditional methods miss. The development of specialized benchmarks like ReTabAD and innovative evaluation metrics like lossless compression are crucial for rigorously testing and accelerating research in this space.
The road ahead promises even more sophisticated, adaptable, and autonomous anomaly detection systems. Future research will likely concentrate on refining the explainability of LLM-driven models, enhancing the generalization capabilities of foundation models across truly open-world scenarios, and integrating more sophisticated physics-informed priors for nuanced time-series analysis. The ambition to create agentic AI systems that can not only detect but also diagnose and self-correct anomalies will transform fields from smart cities and energy grids to robotic systems and healthcare. The era of truly intelligent anomaly detection is dawning, making our systems safer, more efficient, and more resilient than ever before.