Abstract

Artificial intelligence (AI) has achieved remarkable performance across many domains. In most real-world applications, data takes either relational forms, such as graphs and networks, or sequential forms, such as text and time series. As AI has evolved, specialized models have emerged to handle each of these structures: Graph Neural Networks (GNNs) for relational mining and Large Language Models (LLMs) for sequential understanding. Despite their success, both families face challenges in security, robustness, and interpretability. GNNs excel at relational reasoning but are vulnerable to adversarial manipulation and lack interpretability, while LLMs are strong in linguistic reasoning and generalization yet struggle with relational data and carry inherent security risks.

This dissertation introduces a unified framework that integrates GNNs and LLMs to address security-critical challenges by combining their complementary strengths. The integration assumes a frozen LLM, so it requires neither expensive fine-tuning nor access to the model's internal parameters, which allows state-of-the-art LLMs to be used as-is. The framework is designed to accommodate diverse data modalities across a wide range of AI applications.

Three core contributions at the intersection of GNNs and LLMs for security-critical applications are proposed. First, the dissertation introduces a novel inference-time, multi-instance adversarial attack that exposes vulnerabilities in GNN-based detection systems. By jointly optimizing perturbations across multiple nodes in malicious-domain graphs, the attack achieves over 80% evasion success on real-world datasets without access to model internals, and it formalizes the notion of multi-instance attacks against GNNs. Second, a GNN-LLM integration is developed for optimizing prompts in LLM-based source code generation. Generative GNNs efficiently navigate the prompt space of a frozen LLM, steering it to produce secure and functional code in large, non-differentiable search spaces where gradient-based methods are inapplicable. Third, a predictive GNN iteratively guides an LLM to generate conversational contexts that enable context-based jailbreaking attacks on LLMs. This reveals a new form of jailbreak that targets the context of the interaction rather than the prompt itself, raising critical concerns for LLM safety.

Collectively, these contributions enable secure and robust GNN-LLM integration with minimal impact on performance, improving deployment readiness and guiding future research on AI security.

Details

1010268
Business indexing term
Title
Adversarial Robustness in Advanced Machine Learning Models Integrating Graph Neural Networks and Large Language Models
Author
Number of pages
206
Publication year
2025
Degree date
2025
School code
0152
Source
DAI-B 87/2(E), Dissertation Abstracts International
ISBN
9798290935393
Committee member
Han, Tao; Phan, Hai; Wang, Cong
University/institution
New Jersey Institute of Technology
Department
Helen and John C. Hartmann Department of Electrical and Computer Engineering
University location
United States -- New Jersey
Degree
Ph.D.
Source type
Dissertation or Thesis
Language
English
Document type
Dissertation/Thesis
Dissertation/thesis number
31931952
ProQuest document ID
3237586654
Document URL
https://www.proquest.com/dissertations-theses/adversarial-robustness-advanced-machine-learning/docview/3237586654/se-2?accountid=208611
Copyright
Database copyright ProQuest LLC; ProQuest does not claim copyright in the individual underlying works.
Database
ProQuest One Academic