English
Related papers

Related papers: ObliInjection: Order-Oblivious Prompt Injection At…

200 papers

Hardware enclaves such as Intel SGX are a promising technology for improving the security of databases outsourced to the cloud. These enclaves provide an execution environment isolated from the hypervisor/OS, and encrypt data in RAM.…

Cryptography and Security · Computer Science 2019-09-20 Saba Eskandarian , Matei Zaharia

This report presents a real-world case study demonstrating how prompt injection can attack large language model platforms such as ChatGPT according to a proposed injection framework. By providing three real-world examples, we show how…

Cryptography and Security · Computer Science 2025-04-24 Xiangyu Chang , Guang Dai , Hao Di , Haishan Ye

LLM-integrated applications and agents are vulnerable to prompt injection attacks, where adversaries embed malicious instructions within seemingly benign input data to manipulate the LLM's intended behavior. Recent defenses based on…

Cryptography and Security · Computer Science 2025-12-09 Sarthak Choudhary , Divyam Anshumaan , Nils Palumbo , Somesh Jha

Agentic large language model systems increasingly automate tasks by retrieving URLs and calling external tools. We show that this workflow gives rise to implicit prompt injection: adversarial instructions embedded in automatically generated…

Cryptography and Security · Computer Science 2026-02-27 Qianlong Lan , Anuj Kaul , Shaun Jones , Stephanie Westrum

Recent work has embodied LLMs as agents, allowing them to access tools, perform actions, and interact with external content (e.g., emails or websites). However, external content introduces the risk of indirect prompt injection (IPI)…

Computation and Language · Computer Science 2024-08-06 Qiusi Zhan , Zhixiang Liang , Zifan Ying , Daniel Kang

Large language models (LLMs) have demonstrated impressive performance and have come to dominate the field of natural language processing (NLP) across various tasks. However, due to their strong instruction-following capabilities and…

Cryptography and Security · Computer Science 2026-04-10 Yulin Chen , Haoran Li , Yuan Sui , Yue Liu , Yufei He , Xiaoling Bai , Chi Fei , Yabo Li , Haozhe Ma , Yangqiu Song , Bryan Hooi

Large Language Models (LLMs) are increasingly deployed in agentic systems that interact with an untrusted environment. However, LLM agents are vulnerable to prompt injection attacks when handling untrusted data. In this paper we propose…

Agents powered by large language models (LLMs) have demonstrated strong capabilities in a wide range of complex, real-world applications. However, LLM agents with a compromised memory bank may easily produce harmful outputs when the past…

Machine Learning · Computer Science 2026-02-16 Shen Dong , Shaochen Xu , Pengfei He , Yige Li , Jiliang Tang , Tianming Liu , Hui Liu , Zhen Xiang

Large language models (LLMs) are becoming a popular tool as they have significantly advanced in their capability to tackle a wide range of language-based tasks. However, LLMs applications are highly vulnerable to prompt injection attacks,…

Computation and Language · Computer Science 2024-11-11 Md Abdur Rahman , Fan Wu , Alfredo Cuzzocrea , Sheikh Iqbal Ahamed

Large language models (LLMs) deployed behind APIs and retrieval-augmented generation (RAG) stacks are vulnerable to prompt injection attacks that may override system policies, subvert intended behavior, and induce unsafe outputs. Existing…

Cryptography and Security · Computer Science 2026-03-20 Md Takrim Ul Alam , Akif Islam , Mohd Ruhul Ameen , Abu Saleh Musa Miah , Jungpil Shin

The critical challenge of prompt injection attacks in Large Language Models (LLMs) integrated applications, a growing concern in the Artificial Intelligence (AI) field. Such attacks, which manipulate LLMs through natural language inputs,…

Cryptography and Security · Computer Science 2024-01-17 Xuchen Suo

Large Vision-Language Models (LVLMs) are increasingly deployed in real-world intelligent systems for perception and reasoning in open physical environments. While LVLMs are known to be vulnerable to prompt injection attacks, existing…

Computer Vision and Pattern Recognition · Computer Science 2026-01-27 Chen Ling , Kai Hu , Hangcheng Liu , Xingshuo Han , Tianwei Zhang , Changhai Ou

AI agents, predominantly powered by large language models (LLMs), are vulnerable to indirect prompt injection, in which malicious instructions embedded in untrusted data can trigger dangerous agent actions. This position paper discusses our…

Cryptography and Security · Computer Science 2026-04-01 Chong Xiang , Drew Zagieboylo , Shaona Ghosh , Sanjay Kariyappa , Kai Greshake , Hanshen Xiao , Chaowei Xiao , G. Edward Suh

The growing deployment of large language model (LLM) based agents that interact with external environments has created new attack surfaces for adversarial manipulation. One major threat is indirect prompt injection, where attackers embed…

Computation and Language · Computer Science 2026-04-14 Hwan Chang , Yonghyun Jun , Hwanhee Lee

This work demonstrates that LLM-based web navigation agents offer powerful automation capabilities but are vulnerable to Indirect Prompt Injection (IPI) attacks. We show that adversaries can embed universal adversarial triggers in webpage…

Cryptography and Security · Computer Science 2025-07-22 Sam Johnson , Viet Pham , Thai Le

Recent advances in Large Language Models (LLMs) enable exciting LLM-integrated applications, which perform text-based tasks by utilizing their advanced language understanding capabilities. However, as LLMs have improved, so have the attacks…

Cryptography and Security · Computer Science 2024-09-27 Sizhe Chen , Julien Piet , Chawin Sitawarin , David Wagner

Large Language Models (LLMs) have been integrated into many applications (e.g., web agents) to perform more sophisticated tasks. However, LLM-empowered applications are vulnerable to Indirect Prompt Injection (IPI) attacks, where…

Cryptography and Security · Computer Science 2025-12-12 Yinan Zhong , Qianhao Miao , Yanjiao Chen , Jiangyi Deng , Yushi Cheng , Wenyuan Xu

Long context LLMs are vulnerable to prompt injection, where an attacker can inject an instruction in a long context to induce an LLM to generate an attacker-desired output. Existing prompt injection defenses are designed for short contexts.…

Cryptography and Security · Computer Science 2025-11-17 Runpeng Geng , Yanting Wang , Chenlong Yin , Minhao Cheng , Ying Chen , Jinyuan Jia

As LLMs are increasingly integrated into systems that browse, retrieve, summarize, and act on web content, webpages have become an untrusted input vector for downstream model behavior. This enables site owners, contributors, and adversaries…

Cryptography and Security · Computer Science 2026-05-01 Soheil Khodayari , Xuenan Zhang , Bhupendra Acharya , Giancarlo Pellegrino

Tool selection is a key component of LLM agents. A popular approach follows a two-step process - \emph{retrieval} and \emph{selection} - to pick the most appropriate tool from a tool library for a given task. In this work, we introduce…

Cryptography and Security · Computer Science 2025-08-26 Jiawen Shi , Zenghui Yuan , Guiyao Tie , Pan Zhou , Neil Zhenqiang Gong , Lichao Sun