English
Related papers

Related papers: Bypassing AI Control Protocols via Agent-as-a-Prox…

200 papers

Agentic AI introduces security vulnerabilities that traditional LLM safeguards fail to address. Although recent work by Unit 42 at Palo Alto Networks demonstrated that ChatGPT-4o successfully executes attacks as an agent that it refuses in…

Cryptography and Security · Computer Science 2025-12-18 Viet K. Nguyen , Mohammad I. Husain

Guardrail models (a.k.a. safety checkers) are widely deployed to screen user inputs before they reach large language models (LLMs), serving as a primary defense against prompt injection attacks. Due to strict context constraints, these…

Cryptography and Security · Computer Science 2026-05-25 Yuanbo Zhou , Changjia Zhu , Junyu Wang , Xu He , Yan Zhai , Kun Sun , Mingkui Wei , Junjie Xiong

Multi-agent discussions have been widely adopted, motivating growing efforts to develop attacks that expose their vulnerabilities. In this work, we study a practical yet largely unexplored attack scenario, the discussion-monitored scenario,…

Cryptography and Security · Computer Science 2026-03-24 Qiuchi Xiang , Haoxuan Qu , Hossein Rahmani , Jun Liu

In recent years, Large-Language-Model-driven AI agents have exhibited unprecedented intelligence and adaptability. Nowadays, agents are undergoing a new round of evolution. They no longer act as an isolated island like LLMs. Instead, they…

Recent AI systems combine large language models with tools, external knowledge via retrieval-augmented generation (RAG), and even autonomous multi-agent decision loops. This agentic AI paradigm greatly expands capabilities - but also vastly…

Cryptography and Security · Computer Science 2026-03-25 Ali Dehghantanha , Sajad Homayoun

Large Language Model (LLM) Agents are an emerging computing paradigm that blends generative machine learning with tools such as code interpreters, web browsing, email, and more generally, external resources. These agent-based systems…

Cryptography and Security · Computer Science 2024-10-23 Xiaohan Fu , Shuheng Li , Zihan Wang , Yihao Liu , Rajesh K. Gupta , Taylor Berg-Kirkpatrick , Earlence Fernandes

Agentic systems increasingly rely on language models to monitor their own behavior. For example, coding agents may self critique generated code for pull request approval or assess the safety of tool-use actions. We show that this design…

Artificial Intelligence · Computer Science 2026-03-06 Dipika Khullar , Jack Hopkins , Rowan Wang , Fabien Roger

Autonomous AI agents powered by Large Language Models can reason, plan, and execute complex tasks, but their ability to autonomously retrieve information and run code introduces significant security risks. Existing approaches attempt to…

Cryptography and Security · Computer Science 2026-04-09 Hongyi Lu , Nian Liu , Shuai Wang , Fengwei Zhang

Googles A2A protocol provides a secure communication framework for AI agents but demonstrates critical limitations when handling highly sensitive information such as payment credentials and identity documents. These gaps increase the risk…

Cryptography and Security · Computer Science 2025-09-01 Yedidel Louck , Ariel Stulman , Amit Dvir

Agentic AI systems, specifically LLM-driven agents that plan, invoke tools, maintain persistent memory, and delegate tasks to peer agents via protocols such as MCP and A2A, introduce a threat surface that differs materially from standalone…

Cryptography and Security · Computer Science 2026-05-08 Javad Forough , Marios Kogias , Hamed Haddadi

The increasing adoption of LLM agents with access to numerous tools and sensitive data significantly widens the attack surface for indirect prompt injections. Due to the context-dependent nature of attacks, however, current defenses are…

Cryptography and Security · Computer Science 2025-10-13 Debeshee Das , Luca Beurer-Kellner , Marc Fischer , Maximilian Baader

Large language models (LLMs) have evolved from simple chatbots into autonomous agents capable of performing complex tasks such as editing production code, orchestrating workflows, and taking higher-stakes actions based on untrusted inputs…

Recent advances have enabled LLM-powered AI agents to autonomously execute complex tasks by combining language model reasoning with tools, memory, and web access. But can these systems be trusted to follow deployment policies in realistic…

Multiple prompt injection attacks have been proposed against web agents. At the same time, various methods have been developed to detect general prompt injection attacks, but none have been systematically evaluated for web agents. In this…

Cryptography and Security · Computer Science 2025-10-03 Yinuo Liu , Ruohan Xu , Xilong Wang , Yuqi Jia , Neil Zhenqiang Gong

In recent years, agentic artificial intelligence (AI) systems are becoming increasingly widespread. These systems allow agents to use various tools, such as web browsers, compilers, and more. However, despite their popularity, agentic AI…

Large Language Models (LLMs) have demonstrated remarkable capabilities in natural language understanding, code generation, and complex planning. Simultaneously, Multi-Agent Systems (MAS) have garnered attention for their potential to enable…

Computation and Language · Computer Science 2025-06-06 Can Zheng , Yuhan Cao , Xiaoning Dong , Tianxing He

A Large Language Model (LLM) powered GUI agent is a specialized autonomous system that performs tasks on the user's behalf according to high-level instructions. It does so by perceiving and interpreting the graphical user interfaces (GUIs)…

The emergence of LLM (Large Language Model) integrated virtual assistants has brought about a rapid transformation in communication dynamics. During virtual assistant development, some developers prefer to leverage the system message, also…

Cryptography and Security · Computer Science 2024-01-03 Chun Fai Chan , Daniel Wankit Yip , Aysan Esmradi

AI agents are autonomous systems that combine LLMs with external tools to solve complex tasks. While such tools extend capability, improper tool permissions introduce security risks such as indirect prompt injection and tool misuse. We…

Cryptography and Security · Computer Science 2026-01-21 Roy Betser , Shamik Bose , Amit Giloni , Chiara Picardi , Sindhu Padakandla , Roman Vainshtein

As AI agents become increasingly autonomous and capable, ensuring their security against vulnerabilities such as prompt injection becomes critical. This paper explores the use of information-flow control (IFC) to provide security guarantees…