English
Related papers

Related papers: AgentSys: Secure and Dynamic LLM Agents Through Ex…

200 papers

The growing deployment of large language model (LLM) based agents that interact with external environments has created new attack surfaces for adversarial manipulation. One major threat is indirect prompt injection, where attackers embed…

Computation and Language · Computer Science 2026-04-14 Hwan Chang , Yonghyun Jun , Hwanhee Lee

Large language models (LLMs) are now routinely used to autonomously execute complex tasks, from natural language processing to dynamic workflows like web searches. The usage of tool-calling and Retrieval Augmented Generation (RAG) allows…

Cryptography and Security · Computer Science 2026-04-13 Dennis Rall , Bernhard Bauer , Mohit Mittal , Thomas Fraunholz

Large Language Model (LLM) based agents integrated into web browsers (often called agentic AI browsers) offer powerful automation of web tasks. However, they are vulnerable to indirect prompt injection attacks, where malicious instructions…

Cryptography and Security · Computer Science 2025-10-16 Avihay Cohen

AI agents that autonomously interact with external tools and environments have shown great promise across real-world applications. However, their reliance on external data exposes them to serious indirect prompt injection attacks, where…

Cryptography and Security · Computer Science 2026-05-08 Hao Li , Ruoyao Wen , Shanghao Shi , Ning Zhang , Yevgeniy Vorobeychik , Chaowei Xiao

Large language model (LLM) agents increasingly operate in settings where a single context window is far too small to capture what has happened, what was learned, and what should not be repeated. Memory -- the ability to persist, organize,…

Artificial Intelligence · Computer Science 2026-03-10 Pengfei Du

The evolution from static ranking models to Agentic Recommender Systems (Agentic RecSys) empowers AI agents to maintain long-term user profiles and autonomously plan service tasks. While this paradigm shift enhances personalization, it…

Cryptography and Security · Computer Science 2026-04-21 Jiachen Qian

The increasing adoption of LLM agents with access to numerous tools and sensitive data significantly widens the attack surface for indirect prompt injections. Due to the context-dependent nature of attacks, however, current defenses are…

Cryptography and Security · Computer Science 2025-10-13 Debeshee Das , Luca Beurer-Kellner , Marc Fischer , Maximilian Baader

Recent advances in foundation models have transformed LLMs from passive conversational systems into autonomous agents capable of reasoning and tool execution. While these capabilities unlock substantial practical value, they also introduce…

Cryptography and Security · Computer Science 2026-05-25 Zhe Liu , Zonghao Ying , Wenxin Zhang , Quanchen Zou , Deyue Zhang , Dongdong Yang , Xiangzheng Zhang , Hao Peng

Recent work has embodied LLMs as agents, allowing them to access tools, perform actions, and interact with external content (e.g., emails or websites). However, external content introduces the risk of indirect prompt injection (IPI)…

Computation and Language · Computer Science 2024-08-06 Qiusi Zhan , Zhixiang Liang , Zifan Ying , Daniel Kang

Large Language Model (LLM) agents have emerged as key intermediaries, orchestrating complex interactions between human users and a wide range of digital services and LLM infrastructures. While prior research has extensively examined the…

Cryptography and Security · Computer Science 2026-05-13 Zi Liang , Ronghua Li , Yanyun Wang , Qingqing Ye , Haibo Hu

Large Language Models (LLMs) are increasingly being integrated into various applications. The functionalities of recent LLMs can be flexibly modulated via natural language prompts. This renders them susceptible to targeted adversarial…

Cryptography and Security · Computer Science 2023-05-08 Kai Greshake , Sahar Abdelnabi , Shailesh Mishra , Christoph Endres , Thorsten Holz , Mario Fritz

We introduce MemLineage, a defense for LLM agent memory that attaches both cryptographic provenance and LLM-mediated derivation lineage to every entry. Recent and concurrent work shows that untrusted content can be written into persistent…

Cryptography and Security · Computer Science 2026-05-15 Ciyan Ouyang , Rui Hou

Large Language Model (LLM) web agents often struggle with long-horizon web navigation and web task completion in new websites, producing inefficient action sequences unless fine-tuned on environment-specific data. We show that…

Agents powered by large language models (LLMs) have demonstrated strong capabilities in a wide range of complex, real-world applications. However, LLM agents with a compromised memory bank may easily produce harmful outputs when the past…

Machine Learning · Computer Science 2026-02-16 Shen Dong , Shaochen Xu , Pengfei He , Yige Li , Jiliang Tang , Tianming Liu , Hui Liu , Zhen Xiang

Large Language Models (LLMs) face a crucial challenge from fixed context windows and inadequate memory management, leading to a severe shortage of long-term memory capabilities and limited personalization in the interactive experience with…

Artificial Intelligence · Computer Science 2025-06-10 Jiazheng Kang , Mingming Ji , Zhe Zhao , Ting Bai

Autonomous LLM agents operate as long-running processes with persistent workspaces, memory files, scheduled task state, and messaging integrations. These features create a new propagation risk: attacker-influenced content can be written…

Cryptography and Security · Computer Science 2026-05-05 Mingming Zha , Xiaofeng Wang

Defenses against indirect prompt injection (IPI) in tool-using LLM agents share two structural weaknesses. First, they all attempt to prevent attacks rather than detect the compromises that slip through. Second, they have only been…

Cryptography and Security · Computer Science 2026-05-13 Yassin H. Rassul , Tarik A. Rashid

Memory makes LLM-based web agents personalized, powerful, yet exploitable. By storing past interactions to personalize future tasks, agents inadvertently create a persistent attack surface that spans websites and sessions. While existing…

Cryptography and Security · Computer Science 2026-04-08 Wei Zou , Mingwen Dong , Miguel Romero Calvo , Shuaichen Chang , Jiang Guo , Dongkyu Lee , Xing Niu , Xiaofei Ma , Yanjun Qi , Jiarong Jiang

LLM agents are highly vulnerable to Indirect Prompt Injection (IPI), where adversaries embed malicious directives in untrusted tool outputs to hijack execution. Most existing defenses treat IPI as an input-level semantic discrimination…

Cryptography and Security · Computer Science 2026-03-12 Yu He , Haozhe Zhu , Yiming Li , Shuo Shao , Hongwei Yao , Zhihao Liu , Zhan Qin

For LLM agents, memory management critically impacts efficiency, quality, and security. While much research focuses on retention, selective forgetting--inspired by human cognitive processes (hippocampal indexing/consolidation theory and…

Artificial Intelligence · Computer Science 2026-04-24 Yingjie Gu , Wenjian Xiong , Liqiang Wang , Pengcheng Ren , Chao Li , Xiaojing Zhang , Yijuan Guo , Qi Sun , Jingyao Ma , Shidang Shi