English
Related papers

Related papers: Manipulating LLM Web Agents with Indirect Prompt I…

200 papers

Large language model (LLM) agents have demonstrated remarkable capabilities in complex reasoning and decision-making by leveraging external tools. However, this tool-centric paradigm introduces a previously underexplored attack surface,…

Artificial Intelligence · Computer Science 2026-01-08 Kanghua Mo , Li Hu , Yucheng Long , Zhihao Li

Most LLM safety work studies single-agent models, but many real applications rely on multiple interacting agents. In these systems, prompt segmentation and inter-agent routing create attack surfaces that single-agent evaluations miss. We…

Multiagent Systems · Computer Science 2026-04-21 Nokimul Hasan Arif , Qian Lou , Mengxin Zheng

LLM agents are highly vulnerable to Indirect Prompt Injection (IPI), where adversaries embed malicious directives in untrusted tool outputs to hijack execution. Most existing defenses treat IPI as an input-level semantic discrimination…

Cryptography and Security · Computer Science 2026-03-12 Yu He , Haozhe Zhu , Yiming Li , Shuo Shao , Hongwei Yao , Zhihao Liu , Zhan Qin

AI agents, predominantly powered by large language models (LLMs), are vulnerable to indirect prompt injection, in which malicious instructions embedded in untrusted data can trigger dangerous agent actions. This position paper discusses our…

Cryptography and Security · Computer Science 2026-04-01 Chong Xiang , Drew Zagieboylo , Shaona Ghosh , Sanjay Kariyappa , Kai Greshake , Hanshen Xiao , Chaowei Xiao , G. Edward Suh

Large Language Model (LLM) Agents are an emerging computing paradigm that blends generative machine learning with tools such as code interpreters, web browsing, email, and more generally, external resources. These agent-based systems…

Cryptography and Security · Computer Science 2024-10-23 Xiaohan Fu , Shuheng Li , Zihan Wang , Yihao Liu , Rajesh K. Gupta , Taylor Berg-Kirkpatrick , Earlence Fernandes

Recently, autonomous agents built on large language models (LLMs) have experienced significant development and are being deployed in real-world applications. These agents can extend the base LLM's capabilities in multiple ways. For example,…

Cryptography and Security · Computer Science 2024-07-31 Boyang Zhang , Yicong Tan , Yun Shen , Ahmed Salem , Michael Backes , Savvas Zannettou , Yang Zhang

Agentic large language model systems increasingly automate tasks by retrieving URLs and calling external tools. We show that this workflow gives rise to implicit prompt injection: adversarial instructions embedded in automatically generated…

Cryptography and Security · Computer Science 2026-02-27 Qianlong Lan , Anuj Kaul , Shaun Jones , Stephanie Westrum

Prompt injection attacks can compromise the security and stability of critical systems, from infrastructure to large web applications. This work curates and augments a prompt injection dataset based on the HackAPrompt Playground Submissions…

Cryptography and Security · Computer Science 2025-12-16 Safwan Shaheer , G. M. Refatul Islam , Mohammad Rafid Hamid , Md. Abrar Faiaz Khan , Md. Omar Faruk , Yaseen Nur

LLM based agents are increasingly deployed in high stakes settings where they process external data sources such as emails, documents, and code repositories. This creates exposure to indirect prompt injection attacks, where adversarial…

Large language models (LLMs) are increasingly being integrated into web browsers to create agentic browsing systems that execute actions on behalf of the user. Prior work considering the security of agentic browsers focuses exclusively on…

Cryptography and Security · Computer Science 2026-05-08 Sohom Datta , Alex Nahapetyan , William Enck , Alexandros Kapravelos

Most discussions about Large Language Model (LLM) safety have focused on single-agent settings but multi-agent LLM systems now create novel adversarial risks because their behavior depends on communication between agents and decentralized…

Multiagent Systems · Computer Science 2025-10-10 Rana Muhammad Shahroz Khan , Zhen Tan , Sukwon Yun , Charles Fleming , Tianlong Chen

Large language models (LLMs) increasingly rely on retrieving information from external corpora. This creates a new attack surface: indirect prompt injection (IPI), where hidden instructions are planted in the corpora and hijack model…

Cryptography and Security · Computer Science 2026-01-13 Hongyan Chang , Ergute Bao , Xinjian Luo , Ting Yu

With the prosperity of large language models (LLMs), powerful LLM-based intelligent agents have been developed to provide customized services with a set of user-defined tools. State-of-the-art methods for constructing LLM agents adopt…

Computation and Language · Computer Science 2024-06-06 Yifei Wang , Dizhan Xue , Shengjie Zhang , Shengsheng Qian

Large Language Models (LLMs) are increasingly equipped with capabilities of real-time web search and integrated with protocols like Model Context Protocol (MCP). This extension could introduce new security vulnerabilities. We present a…

Cryptography and Security · Computer Science 2025-05-23 Junjie Xiong , Changjia Zhu , Shuhang Lin , Chong Zhang , Yongfeng Zhang , Yao Liu , Lingyao Li

The strong planning and reasoning capabilities of Large Language Models (LLMs) have fostered the development of agent-based systems capable of leveraging external tools and interacting with increasingly complex environments. However, these…

Cryptography and Security · Computer Science 2025-06-17 Zhun Wang , Vincent Siu , Zhe Ye , Tianneng Shi , Yuzhou Nie , Xuandong Zhao , Chenguang Wang , Wenbo Guo , Dawn Song

Web agents powered by vision-language models (VLMs) enable autonomous interaction with web environments by perceiving and acting on both visual and textual webpage content to accomplish user-specified tasks. However, they are highly…

Cryptography and Security · Computer Science 2026-04-15 Yulin Chen , Tri Cao , Haoran Li , Yue Liu , Yibo Li , Yufei He , Le Minh Khoi , Yangqiu Song , Shuicheng Yan , Bryan Hooi

Multi-modal large language model (MLLM)-based web agents interact with webpage environments by generating actions based on screenshots of the webpages. In this work, we propose WebInject, a prompt injection attack that manipulates the…

Machine Learning · Computer Science 2025-10-20 Xilong Wang , John Bloch , Zedian Shao , Yuepeng Hu , Shuyan Zhou , Neil Zhenqiang Gong

LLM-based agents are increasingly deployed for complex tasks requiring planning, tool use, and interaction with external services. Their reliance on untrusted external content exposes them to indirect prompt injection (IPI), in which…

Machine Learning · Computer Science 2026-05-26 Zixuan Chen , Jiaxiang Chen , Li Luo , Ke Xu , Xiaoxiang Huang , Tanfeng Sun , Xinghao Jiang

As AI agents powered by Large Language Models (LLMs) become increasingly versatile and capable of addressing a broad spectrum of tasks, ensuring their security has become a critical challenge. Among the most pressing threats are prompt…

Large language models (LLMs) are increasingly being harnessed to automate cyberattacks, making sophisticated exploits more accessible and scalable. In response, we propose a new defense strategy tailored to counter LLM-driven cyberattacks.…

Cryptography and Security · Computer Science 2024-11-19 Dario Pasquini , Evgenios M. Kornaropoulos , Giuseppe Ateniese