English
Related papers

Related papers: Bypassing AI Control Protocols via Agent-as-a-Prox…

200 papers

Automated control monitors could play an important role in overseeing highly capable AI agents that we do not fully trust. Prior work has explored control monitoring in simplified settings, but scaling monitoring to real-world deployments…

Cryptography and Security · Computer Science 2025-12-30 David Lindner , Charlie Griffin , Tomek Korbak , Roland S. Zimmermann , Geoffrey Irving , Sebastian Farquhar , Alan Cooney

Modern language models have enabled the development of agentic systems that achieve strong performance on reasoning-intensive tasks. Unfortunately, this has come with a security cost; these systems are vulnerable to prompt injection, a…

Cryptography and Security · Computer Science 2026-05-12 Dennis Jacob , Emad Alghamdi , Zhanhao Hu , Basel Alomair , David Wagner

AI agents are beginning to interact with each other directly and across internet platforms and physical environments, creating security challenges beyond traditional cybersecurity and AI safety frameworks. Free-form protocols are essential…

Large Language Model (LLM) agents offer a powerful new paradigm for solving various problems by combining natural language reasoning with the execution of external tools. However, their dynamic and non-transparent behavior introduces…

Cryptography and Security · Computer Science 2025-11-19 Peiran Wang , Yang Liu , Yunfei Lu , Yifeng Cai , Hongbo Chen , Qingyou Yang , Jie Zhang , Jue Hong , Ye Wu

Large Language Models (LLMs) are increasingly deployed in agentic systems that interact with an untrusted environment. However, LLM agents are vulnerable to prompt injection attacks when handling untrusted data. In this paper we propose…

Large Language Model (LLM) agents are increasingly being deployed as conversational assistants capable of performing complex real-world tasks through tool integration. This enhanced ability to interact with external systems and process…

Cryptography and Security · Computer Science 2024-12-24 Feiran Jia , Tong Wu , Xin Qin , Anna Squicciarini

LLM agents are widely used as agents for customer support, content generation, and code assistance. However, they are vulnerable to prompt injection attacks, where adversarial inputs manipulate the model's behavior. Traditional defenses…

Cryptography and Security · Computer Science 2025-06-09 Zhilong Wang , Neha Nagaraja , Lan Zhang , Hayretdin Bahsi , Pawan Patil , Peng Liu

AI agents interact with external environments through tool calls, exposing them to attacks like indirect prompt injection that can trigger unauthorized actions. Securing these agents is challenging: they behave autonomously and…

Cryptography and Security · Computer Science 2026-05-15 Tianneng Shi , Jingxuan He , Zhun Wang , Hongwei Li , Linyu Wu , Wenbo Guo , Dawn Song

Large language models (LLMs)-powered AI agents exhibit a high level of autonomy in addressing medical and healthcare challenges. With the ability to access various tools, they can operate within an open-ended action space. However, with the…

Cryptography and Security · Computer Science 2025-04-08 Jianing Qiu , Lin Li , Jiankai Sun , Hao Wei , Zhe Xu , Kyle Lam , Wu Yuan

When large language model (LLM) agents are increasingly deployed to automate tasks and interact with untrusted external data, prompt injection emerges as a significant security threat. By injecting malicious instructions into the data that…

Cryptography and Security · Computer Science 2026-02-05 Yizhu Wang , Sizhe Chen , Raghad Alkhudair , Basel Alomair , David Wagner

Large Language Models (LLMs) have been integrated into many applications (e.g., web agents) to perform more sophisticated tasks. However, LLM-empowered applications are vulnerable to Indirect Prompt Injection (IPI) attacks, where…

Cryptography and Security · Computer Science 2025-12-12 Yinan Zhong , Qianhao Miao , Yanjiao Chen , Jiangyi Deng , Yushi Cheng , Wenyuan Xu

Defenses against indirect prompt injection (IPI) in tool-using LLM agents share two structural weaknesses. First, they all attempt to prevent attacks rather than detect the compromises that slip through. Second, they have only been…

Cryptography and Security · Computer Science 2026-05-13 Yassin H. Rassul , Tarik A. Rashid

Autonomous UI agents powered by AI have tremendous potential to boost human productivity by automating routine tasks such as filing taxes and paying bills. However, a major challenge in unlocking their full potential is security, which is…

Cryptography and Security · Computer Science 2025-05-20 Ivan Evtimov , Arman Zharmagambetov , Aaron Grattafiori , Chuan Guo , Kamalika Chaudhuri

Honeypots are deception systems that emulate vulnerable services to collect threat intelligence. While deploying many honeypots increases the opportunity to observe attacker behaviour, in practise network and computational resources limit…

Cryptography and Security · Computer Science 2026-03-17 Federico Mirra , Matteo Boffa , Idilio Drago , Danilo Giordano , Marco Mellia

Most discussions about Large Language Model (LLM) safety have focused on single-agent settings but multi-agent LLM systems now create novel adversarial risks because their behavior depends on communication between agents and decentralized…

Multiagent Systems · Computer Science 2025-10-10 Rana Muhammad Shahroz Khan , Zhen Tan , Sukwon Yun , Charles Fleming , Tianlong Chen

This report presents a real-world case study demonstrating how prompt injection can attack large language model platforms such as ChatGPT according to a proposed injection framework. By providing three real-world examples, we show how…

Cryptography and Security · Computer Science 2025-04-24 Xiangyu Chang , Guang Dai , Hao Di , Haishan Ye

In the rapidly evolving landscape of artificial intelligence, ChatGPT has been widely used in various applications. The new feature - customization of ChatGPT models by users to cater to specific needs has opened new frontiers in AI…

Cryptography and Security · Computer Science 2024-05-28 Jiahao Yu , Yuhang Wu , Dong Shu , Mingyu Jin , Sabrina Yang , Xinyu Xing

When large language model (LLM) systems interact with external data to perform complex tasks, a new attack, namely prompt injection, becomes a significant threat. By injecting instructions into the data accessed by the system, the attacker…

Cryptography and Security · Computer Science 2025-08-26 Sizhe Chen , Yizhu Wang , Nicholas Carlini , Chawin Sitawarin , David Wagner

This research paper explores the privacy and security threats posed to an Agentic AI system with direct access to database systems. Such access introduces significant risks, including unauthorized retrieval of sensitive information,…

Cryptography and Security · Computer Science 2024-12-10 Raihan Khan , Sayak Sarkar , Sainik Kumar Mahata , Edwin Jose

Autonomous browsing agents powered by large language models (LLMs) are increasingly used to automate web-based tasks. However, their reliance on dynamic content, tool execution, and user-provided data exposes them to a broad attack surface.…

Cryptography and Security · Computer Science 2025-05-20 Mykyta Mudryi , Markiyan Chaklosh , Grzegorz Wójcik