English
Related papers

Related papers: Bypassing AI Control Protocols via Agent-as-a-Prox…

200 papers

Large language model (LLM) agents increasingly rely on external tools and retrieval systems to autonomously complete complex tasks. However, this design exposes agents to indirect prompt injection (IPI), where attacker-controlled context…

Cryptography and Security · Computer Science 2026-02-27 Tian Zhang , Yiwei Xu , Juan Wang , Keyan Guo , Xiaoyang Xu , Bowen Xiao , Quanlong Guan , Jinlin Fan , Jiawei Liu , Zhiquan Liu , Hongxin Hu

Large Language Model (LLM) agents are increasingly used to automate complex workflows, but integrating untrusted external data with privileged execution exposes them to severe security risks, particularly direct and indirect prompt…

Cryptography and Security · Computer Science 2026-04-28 Zonghao Ying , Haozheng Wang , Jiangfan Liu , Quanchen Zou , Aishan Liu , Jian Yang , Yaodong Yang , Xianglong Liu

AI agents such as OpenClaw are increasingly deployed in local workflows with access to external tools. This creates indirect prompt-injection (IPI) risk: an agent may execute harmful instructions embedded in untrusted inputs such as email,…

Cryptography and Security · Computer Science 2026-05-26 Lei Zhao , Abhay Bhaskar , Edgar Dobriban

Web agents powered by vision-language models (VLMs) enable autonomous interaction with web environments by perceiving and acting on both visual and textual webpage content to accomplish user-specified tasks. However, they are highly…

Cryptography and Security · Computer Science 2026-04-15 Yulin Chen , Tri Cao , Haoran Li , Yue Liu , Yibo Li , Yufei He , Le Minh Khoi , Yangqiu Song , Shuicheng Yan , Bryan Hooi

The integration of artificial intelligence (AI) agents into web browsers introduces security challenges that go beyond traditional web application threat models. Prior work has identified prompt injection as a new attack vector for web…

Machine Learning · Computer Science 2025-11-26 Kaiyuan Zhang , Mark Tenenholtz , Kyle Polley , Jerry Ma , Denis Yarats , Ninghui Li

Retrieval-augmented generation (RAG) systems have become widely used for enhancing large language model capabilities, but they introduce significant security vulnerabilities through prompt injection attacks. We present a comprehensive…

Cryptography and Security · Computer Science 2025-11-21 Badrinath Ramakrishnan , Akshaya Balaji

Prompt injection attacks represent a major vulnerability in Large Language Model (LLM) deployments, where malicious instructions embedded in user inputs can override system prompts and induce unintended behaviors. This paper presents a…

Cryptography and Security · Computer Science 2025-12-18 S M Asif Hossain , Ruksat Khan Shayoni , Mohd Ruhul Ameen , Akif Islam , M. F. Mridha , Jungpil Shin

Previous benchmarks on prompt injection in large language models (LLMs) have primarily focused on generic tasks and attacks, offering limited insights into more complex threats like data exfiltration. This paper examines how prompt…

Cryptography and Security · Computer Science 2025-06-03 Meysam Alizadeh , Zeynab Samei , Daria Stetsenko , Fabrizio Gilardi

Despite their potential, recent research has demonstrated that LLM agents are vulnerable to prompt injection attacks, where malicious prompts are injected into the agent's input, causing it to perform an attacker-specified task rather than…

Computer-Use Agents (CUAs) with full system access enable powerful task automation but pose significant security and privacy risks due to their ability to manipulate files, access user data, and execute arbitrary commands. While prior work…

Artificial Intelligence · Computer Science 2026-03-03 Tri Cao , Bennett Lim , Yue Liu , Yuan Sui , Yuexin Li , Shumin Deng , Lin Lu , Nay Oo , Shuicheng Yan , Bryan Hooi

Recent work has embodied LLMs as agents, allowing them to access tools, perform actions, and interact with external content (e.g., emails or websites). However, external content introduces the risk of indirect prompt injection (IPI)…

Computation and Language · Computer Science 2024-08-06 Qiusi Zhan , Zhixiang Liang , Zifan Ying , Daniel Kang

LLM-powered applications routinely embed secrets in system prompts, yet models can be tricked into revealing them. We built an adaptive attacker that evolves its strategies over hundreds of rounds and tested it against nine defense…

Cryptography and Security · Computer Science 2026-05-14 Priyal Deep , Shane Emmons , Amy Fox , Kyle Bacon , Kelley McAllister , Peter Ortiz , Krisztian Flautner

The emergence of multimodal large language models has redefined the agent paradigm by integrating language and vision modalities with external data sources, enabling agents to better interpret human instructions and execute increasingly…

Computer Vision and Pattern Recognition · Computer Science 2025-07-29 Le Wang , Zonghao Ying , Tianyuan Zhang , Siyuan Liang , Shengshan Hu , Mingchuan Zhang , Aishan Liu , Xianglong Liu

The strong planning and reasoning capabilities of Large Language Models (LLMs) have fostered the development of agent-based systems capable of leveraging external tools and interacting with increasingly complex environments. However, these…

Cryptography and Security · Computer Science 2025-06-17 Zhun Wang , Vincent Siu , Zhe Ye , Tianneng Shi , Yuzhou Nie , Xuandong Zhao , Chenguang Wang , Wenbo Guo , Dawn Song

Web-browsing AI agents are increasingly deployed in enterprise settings under strict whitelists of approved domains, yet adversaries can still influence them by embedding hidden instructions in the HTML pages those domains serve. Existing…

Cryptography and Security · Computer Science 2026-05-13 Chia-Pei , Chen , Kentaroh Toyoda , Anita Lai , Alex Leung

LLM-based agents are increasingly deployed for complex tasks requiring planning, tool use, and interaction with external services. Their reliance on untrusted external content exposes them to indirect prompt injection (IPI), in which…

Machine Learning · Computer Science 2026-05-26 Zixuan Chen , Jiaxiang Chen , Li Luo , Ke Xu , Xiaoxiang Huang , Tanfeng Sun , Xinghao Jiang

As Large Language Models (LLMs) grow increasingly powerful, multi-agent systems are becoming more prevalent in modern AI applications. Most safety research, however, has focused on vulnerabilities in single-agent LLMs. These include prompt…

Multiagent Systems · Computer Science 2024-10-11 Donghyun Lee , Mo Tiwari

The proliferation of agentic AI coding assistants, including Claude Code, GitHub Copilot, Cursor, and emerging skill-based architectures, has fundamentally transformed software development workflows. These systems leverage Large Language…

Cryptography and Security · Computer Science 2026-01-27 Narek Maloyan , Dmitry Namiot

With the advancement of technology, large language models (LLMs) have achieved remarkable performance across various natural language processing (NLP) tasks, powering LLM-integrated applications like Microsoft Copilot. However, as LLMs…

Cryptography and Security · Computer Science 2025-08-05 Yulin Chen , Haoran Li , Zihao Zheng , Yangqiu Song , Dekai Wu , Bryan Hooi

We demonstrate how AI-powered cybersecurity tools can be turned against themselves through prompt injection attacks. Prompt injection is reminiscent of cross-site scripting (XSS): malicious text is hidden within seemingly trusted content,…

Cryptography and Security · Computer Science 2025-11-18 Víctor Mayoral-Vilches , Per Mannermaa Rynning