English
Related papers

Related papers: Bypassing AI Control Protocols via Agent-as-a-Prox…

200 papers

AI agents are vulnerable to indirect prompt injection attacks, where malicious instructions embedded in external content or tool outputs cause unintended or harmful behavior. Inspired by the well-established concept of firewalls, we show…

Cryptography and Security · Computer Science 2026-03-24 Rishika Bhagwatkar , Kevin Kasa , Abhay Puri , Gabriel Huang , Irina Rish , Graham W. Taylor , Krishnamurthy Dj Dvijotham , Alexandre Lacoste

AI agents, predominantly powered by large language models (LLMs), are vulnerable to indirect prompt injection, in which malicious instructions embedded in untrusted data can trigger dangerous agent actions. This position paper discusses our…

Cryptography and Security · Computer Science 2026-04-01 Chong Xiang , Drew Zagieboylo , Shaona Ghosh , Sanjay Kariyappa , Kai Greshake , Hanshen Xiao , Chaowei Xiao , G. Edward Suh

Recent research has explored that LLM agents are vulnerable to indirect prompt injection (IPI) attacks, where malicious tasks embedded in tool-retrieved information can redirect the agent to take unauthorized actions. Existing defenses…

Cryptography and Security · Computer Science 2025-06-12 Kaijie Zhu , Xianjun Yang , Jindong Wang , Wenbo Guo , William Yang Wang

AI control protocols serve as a defense mechanism to stop untrusted LLM agents from causing harm in autonomous settings. Prior work treats this as a security problem, stress testing with exploits that use the deployment context to subtly…

As LLM agents transition from digital assistants to physical controllers in autonomous systems and robotics, they face an escalating threat from indirect prompt injection. By embedding adversarial instructions into the results of tool…

Artificial Intelligence · Computer Science 2026-01-09 Qiang Yu , Xinran Cheng , Chuanyi Liu

AI agents aim to solve complex tasks by combining text-based reasoning with external tool calls. Unfortunately, AI agents are vulnerable to prompt injection attacks where data returned by external tools hijacks the agent to execute…

Cryptography and Security · Computer Science 2024-11-26 Edoardo Debenedetti , Jie Zhang , Mislav Balunović , Luca Beurer-Kellner , Marc Fischer , Florian Tramèr

Large Language Model (LLM) agents exhibit remarkable performance across diverse applications by using external tools to interact with environments. However, integrating external tools introduces security risks, such as indirect prompt…

Cryptography and Security · Computer Science 2025-03-05 Qiusi Zhan , Richard Fang , Henil Shalin Panchal , Daniel Kang

The integration of external data services (e.g., Model Context Protocol, MCP) has made large language model-based agents increasingly powerful for complex task execution. However, this advancement introduces critical security…

Cryptography and Security · Computer Science 2026-02-25 Che Wang , Jiaming Zhang , Ziqi Zhang , Zijie Wang , Yinghui Wang , Jianbo Gao , Tao Wei , Zhong Chen , Wei Yang Bryan Lim

Prompt injection is the most critical vulnerability in deployed AI agents. Despite recent progress, we show that the prevailing defense paradigm (data-instruction separation) both fails to detect attacks that operate through contextual…

Cryptography and Security · Computer Science 2026-05-19 Sahar Abdelnabi , Eugene Bagdasarian

Autonomous AI agents powered by large language models (LLMs) with structured function-calling interfaces enable real-time data retrieval, computation, and multi-step orchestration. However, the rapid growth of plugins, connectors, and…

Cryptography and Security · Computer Science 2025-12-16 Mohamed Amine Ferrag , Norbert Tihanyi , Djallel Hamouda , Leandros Maglaras , Abderrahmane Lakas , Merouane Debbah

Autonomous Large Language Model (LLM) agents exhibit significant vulnerability to Indirect Prompt Injection (IPI) attacks. These attacks hijack agent behavior by polluting external information sources, exploiting fundamental trade-offs…

Artificial Intelligence · Computer Science 2026-01-26 Zhibo Liang , Tianze Hu , Zaiye Chen , Mingjie Tang

Indirect prompt injection attacks threaten AI agents that execute consequential actions, motivating deterministic system-level defenses. Such defenses can provably block unsafe actions by enforcing confidentiality and integrity policies,…

Cryptography and Security · Computer Science 2026-02-13 Aashish Kolluri , Rishi Sharma , Manuel Costa , Boris Köpf , Tobias Nießen , Mark Russinovich , Shruti Tople , Santiago Zanella-Béguelin

Large language model (LLM) agents are widely deployed in real-world applications, where they leverage tools to retrieve and manipulate external data for complex tasks. However, when interacting with untrusted data sources (e.g., fetching…

Cryptography and Security · Computer Science 2025-08-22 Hengyu An , Jinghuai Zhang , Tianyu Du , Chunyi Zhou , Qingming Li , Tao Lin , Shouling Ji

Powerful autonomous systems, which reason, plan, and converse using and between numerous tools and agents, are made possible by Large Language Models (LLMs), Vision-Language Models (VLMs), and new agentic AI systems, like LangChain and…

Cryptography and Security · Computer Science 2025-12-30 Toqeer Ali Syed , Mishal Ateeq Almutairi , Mahmoud Abdel Moaty

As AI agents powered by Large Language Models (LLMs) become increasingly versatile and capable of addressing a broad spectrum of tasks, ensuring their security has become a critical challenge. Among the most pressing threats are prompt…

LLM agents are highly vulnerable to Indirect Prompt Injection (IPI), where adversaries embed malicious directives in untrusted tool outputs to hijack execution. Most existing defenses treat IPI as an input-level semantic discrimination…

Cryptography and Security · Computer Science 2026-03-12 Yu He , Haozhe Zhu , Yiming Li , Shuo Shao , Hongwei Yao , Zhihao Liu , Zhan Qin

The evolution of Large Language Models (LLMs) has resulted in a paradigm shift towards autonomous agents, necessitating robust security against Prompt Injection (PI) vulnerabilities where untrusted inputs hijack agent behaviors. This SoK…

Cryptography and Security · Computer Science 2026-02-12 Peiran Wang , Xinfeng Li , Chong Xiang , Jinghuai Zhang , Ying Li , Lixia Zhang , Xiaofeng Wang , Yuan Tian

The rapid deployment of open-source frameworks has significantly advanced the development of modern multi-agent systems. However, expanded action spaces, including uncontrolled privilege exposure and hidden inter-system interactions, pose…

Computation and Language · Computer Science 2026-04-07 Wenhui Zhu , Xuanzhao Dong , Xiwen Chen , Rui Cai , Peijie Qiu , Zhipeng Wang , Oana Frunza , Shao Tang , Jindong Gu , Yalin Wang

LLM based agents are increasingly deployed in high stakes settings where they process external data sources such as emails, documents, and code repositories. This creates exposure to indirect prompt injection attacks, where adversarial…

Large language models (LLMs) and their applications, such as agents, are highly vulnerable to prompt injection attacks. State-of-the-art prompt injection detection methods have the following limitations: (1) their effectiveness degrades…

Cryptography and Security · Computer Science 2026-04-02 Yanting Wang , Wei Zou , Runpeng Geng , Jinyuan Jia
‹ Prev 1 2 3 10 Next ›