A Vision for Robust and Human-Centric LLM-Based QR Code Security

Quick Response (QR) codes are now widely used as a digital communication tool. However, their extensive adoption has made them an attractive target for cyberattacks, particularly through the injection of malicious URLs that redirect users to phishing sites or initiate malware installations. Conventional security approaches such as blacklists and antivirus software are no longer efficient against such evolving threats. This vision paper proposes an AI-based framework using fine-tuned Large Language Models (LLMs) to identify malicious URLs embedded within QR codes. To ensure transparency, a novel ensemble Explainable AI (XAI) is applied to aggregate insights from various XAI methods to explain the features influencing model predictions, facilitating more robust interpretations. To enhance clarity and usability, the proposed framework incorporates personalized explanations tailored to cybersecurity analysts, system developers, and non-expert end users, informed by a role-specific user study. Furthermore, as XAI methods may expose sensitive model behavior, cyberattackers craft adversarial inputs to mislead the model or manipulate explanations. This necessitates the integration of adversarial training to ensure model robustness and explanation integrity, evaluated through perturbation consistency checks. The paper outlines key challenges in explanation fidelity and personalization and presents a development roadmap to advance secure, transparent, and human-centric explainable QR code analysis.