English
Related papers

Related papers: Bypassing AI Control Protocols via Agent-as-a-Prox…

200 papers

AI agents that autonomously interact with external tools and environments have shown great promise across real-world applications. However, their reliance on external data exposes them to serious indirect prompt injection attacks, where…

Cryptography and Security · Computer Science 2026-05-08 Hao Li , Ruoyao Wen , Shanghao Shi , Ning Zhang , Yevgeniy Vorobeychik , Chaowei Xiao

Multimodal agents built on large vision-language models (LVLMs) are increasingly deployed in open-world settings but remain highly vulnerable to prompt injection, especially through visual inputs. We introduce AgentTypo, a black-box…

Cryptography and Security · Computer Science 2025-10-07 Yanjie Li , Yiming Cao , Dong Wang , Bin Xiao

Prompt injection attacks, where malicious input is designed to manipulate AI systems into ignoring their original instructions and following unauthorized commands instead, were first discovered by Preamble, Inc. in May 2022 and responsibly…

Cryptography and Security · Computer Science 2025-07-18 Jeremy McHugh , Kristina Šekrst , Jon Cefalu

Large Language Models (LLMs) have become integral to many applications, with system prompts serving as a key mechanism to regulate model behavior and ensure ethical outputs. In this paper, we introduce a novel backdoor attack that…

Cryptography and Security · Computer Science 2024-10-08 Lu Yan , Siyuan Cheng , Xuan Chen , Kaiyuan Zhang , Guangyu Shen , Zhuo Zhang , Xiangyu Zhang

Large Language Model (LLM)-based agents with function-calling capabilities are increasingly deployed, but remain vulnerable to Indirect Prompt Injection (IPI) attacks that hijack their tool calls. In response, numerous IPI-centric defense…

Cryptography and Security · Computer Science 2025-11-20 Zimo Ji , Xunguang Wang , Zongjie Li , Pingchuan Ma , Yudong Gao , Daoyuan Wu , Xincheng Yan , Tian Tian , Shuai Wang

Large language models increasingly operate as autonomous agents that select and invoke tools from large registries. We identify a critical gap: when unauthorized tools are visible in an agent's context, models select them in adversarial…

Cryptography and Security · Computer Science 2026-05-19 Rohith Uppala

As AI systems gain increasing autonomy and execution capability, the number of discovered security vulnerabilities continues to rise. However, many of these vulnerabilities are not fundamentally novel, but instead reflect recurring classes…

Cryptography and Security · Computer Science 2026-05-27 Kevin Eykholt , Dhilung Kirat , Xiaokui Shu , Jiyong Jang , Frederico Araujo , Ian Molloy

Agentic AI systems powered by large language models (LLMs) and endowed with planning, tool use, memory, and autonomy, are emerging as powerful, flexible platforms for automation. Their ability to autonomously execute tasks across web,…

Artificial Intelligence · Computer Science 2026-04-07 Anshuman Chhabra , Shrestha Datta , Shahriar Kabir Nahin , Prasant Mohapatra

Agentic AI coding editors driven by large language models have recently become more popular due to their ability to improve developer productivity during software development. Modern editors such as Cursor are designed not just for code…

Cryptography and Security · Computer Science 2026-04-29 Yue Liu , Yanjie Zhao , Yunbo Lyu , Ting Zhang , Haoyu Wang , David Lo

When AI agents retrieve and reason over external documents, adversaries can manipulate the data they receive to subvert their behaviour. Previous research has studied indirect prompt injection, where the attacker injects malicious…

Computation and Language · Computer Science 2025-10-14 Michael Schlichtkrull

The critical challenge of prompt injection attacks in Large Language Models (LLMs) integrated applications, a growing concern in the Artificial Intelligence (AI) field. Such attacks, which manipulate LLMs through natural language inputs,…

Cryptography and Security · Computer Science 2024-01-17 Xuchen Suo

Indirect prompt injection attacks (IPIAs), where large language models (LLMs) follow malicious instructions hidden in input data, pose a critical threat to LLM-powered agents. In this paper, we present IntentGuard, a general defense…

Cryptography and Security · Computer Science 2025-12-02 Mintong Kang , Chong Xiang , Sanjay Kariyappa , Chaowei Xiao , Bo Li , Edward Suh

The integration of large language models with external content has enabled applications such as Microsoft Copilot but also introduced vulnerabilities to indirect prompt injection attacks. In these attacks, malicious instructions embedded…

Computation and Language · Computer Science 2025-01-28 Jingwei Yi , Yueqi Xie , Bin Zhu , Emre Kiciman , Guangzhong Sun , Xing Xie , Fangzhao Wu

Modern coding agents integrated into IDEs orchestrate powerful tools and high-privilege system access, creating a high-stakes attack surface. Prior work on Indirect Prompt Injection (IPI) is mainly query-specific, requiring particular user…

Cryptography and Security · Computer Science 2026-01-15 Yuchong Xie , Zesen Liu , Mingyu Luo , Zhixiang Zhang , Kaikai Zhang , Yuanyuan Yuan , Zongjie Li , Ping Chen , Shuai Wang , Dongdong She

Computer-use agents are increasingly capable of operating on real operating systems, but this capability has also increased the risks posed by prompt injection, indirect instructions, and visual attacks. Existing defenses typically rely on…

Computation · Statistics 2026-05-14 Kebin Contreras , Carlos Hinojosa , Jorge Bacca , Bernard Ghanem

As large language models (LLMs) advance, ensuring AI safety and alignment is paramount. One popular approach is prompt guards, lightweight mechanisms designed to filter malicious queries while being easy to implement and update. In this…

Machine Learning · Computer Science 2025-10-08 Jaiden Fairoze , Sanjam Garg , Keewoo Lee , Mingyuan Wang

Multimodal Large Language Models (MLLMs) integrate vision and text to power applications, but this integration introduces new vulnerabilities. We study Image-based Prompt Injection (IPI), a black-box attack in which adversarial instructions…

Computer Vision and Pattern Recognition · Computer Science 2026-03-05 Neha Nagaraja , Lan Zhang , Zhilong Wang , Bo Zhang , Pawan Patil

Large Language Model (LLM) agents are susceptible to Indirect Prompt Injection (IPI) attacks, where malicious instructions in retrieved content hijack the agent's execution. Existing defenses typically rely on strict filtering or refusal…

Artificial Intelligence · Computer Science 2026-02-25 Che Wang , Fuyao Zhang , Jiaming Zhang , Ziqi Zhang , Yinghui Wang , Longtao Huang , Jianbo Gao , Zhong Chen , Wei Yang Bryan Lim

AI agents capable of GUI understanding and Model Context Protocol are increasingly deployed to automate mobile tasks. However, their reliance on over-privileged, static permissions creates a critical vulnerability: instruction injection.…

Cryptography and Security · Computer Science 2025-10-31 Yifeng Cai , Ziming Wang , Zhaomeng Deng , Mengyu Yao , Junlin Liu , Yutao Hu , Ziqi Zhang , Yao Guo , Ding Li

AI agents have been boosted by large language models. AI agents can function as intelligent assistants and complete tasks on behalf of their users with access to tools and the ability to execute commands in their environments. Through…

Cryptography and Security · Computer Science 2024-12-19 Yifeng He , Ethan Wang , Yuyang Rong , Zifei Cheng , Hao Chen