English

AdapTools: Adaptive Tool-based Indirect Prompt Injection Attacks on Agentic LLMs

Cryptography and Security 2026-02-25 v1 Artificial Intelligence

Abstract

The integration of external data services (e.g., Model Context Protocol, MCP) has made large language model-based agents increasingly powerful for complex task execution. However, this advancement introduces critical security vulnerabilities, particularly indirect prompt injection (IPI) attacks. Existing attack methods are limited by their reliance on static patterns and evaluation on simple language models, failing to address the fast-evolving nature of modern AI agents. We introduce AdapTools, a novel adaptive IPI attack framework that selects stealthier attack tools and generates adaptive attack prompts to create a rigorous security evaluation environment. Our approach comprises two key components: (1) Adaptive Attack Strategy Construction, which develops transferable adversarial strategies for prompt optimization, and (2) Attack Enhancement, which identifies stealthy tools capable of circumventing task-relevance defenses. Comprehensive experimental evaluation shows that AdapTools achieves a 2.13 times improvement in attack success rate while degrading system utility by a factor of 1.78. Notably, the framework maintains its effectiveness even against state-of-the-art defense mechanisms. Our method advances the understanding of IPI attacks and provides a useful reference for future research.

Keywords

Cite

@article{arxiv.2602.20720,
  title  = {AdapTools: Adaptive Tool-based Indirect Prompt Injection Attacks on Agentic LLMs},
  author = {Che Wang and Jiaming Zhang and Ziqi Zhang and Zijie Wang and Yinghui Wang and Jianbo Gao and Tao Wei and Zhong Chen and Wei Yang Bryan Lim},
  journal= {arXiv preprint arXiv:2602.20720},
  year   = {2026}
}

Comments

11 pages

R2 v1 2026-07-01T10:49:37.600Z