English
Related papers

Related papers: SkillJect: Effectively Automating Skill-Based Prom…

200 papers

Large language models (LLMs) and their applications, such as agents, are highly vulnerable to prompt injection attacks. State-of-the-art prompt injection detection methods have the following limitations: (1) their effectiveness degrades…

Cryptography and Security · Computer Science 2026-04-02 Yanting Wang , Wei Zou , Runpeng Geng , Jinyuan Jia

Reusable skills are becoming a common interface for extending large language model agents, packaging procedural guidance with access to files, tools, memory, and execution environments. However, this modularity introduces attack surfaces…

Cryptography and Security · Computer Science 2026-05-28 Chang Jin , An Wang , Zeming Wei , Kai Wang , Biaojie Zeng , Qiaosheng Zhang , Chao Yang , Jingjing Qu , Xia Hu , Xingcheng Xu

LLM-based agents are increasingly deployed for complex tasks requiring planning, tool use, and interaction with external services. Their reliance on untrusted external content exposes them to indirect prompt injection (IPI), in which…

Machine Learning · Computer Science 2026-05-26 Zixuan Chen , Jiaxiang Chen , Li Luo , Ke Xu , Xiaoxiang Huang , Tanfeng Sun , Xinghao Jiang

Recent work has embodied LLMs as agents, allowing them to access tools, perform actions, and interact with external content (e.g., emails or websites). However, external content introduces the risk of indirect prompt injection (IPI)…

Computation and Language · Computer Science 2024-08-06 Qiusi Zhan , Zhixiang Liang , Zifan Ying , Daniel Kang

Autonomous AI agents powered by large language models (LLMs) with structured function-calling interfaces enable real-time data retrieval, computation, and multi-step orchestration. However, the rapid growth of plugins, connectors, and…

Cryptography and Security · Computer Science 2025-12-16 Mohamed Amine Ferrag , Norbert Tihanyi , Djallel Hamouda , Leandros Maglaras , Abderrahmane Lakas , Merouane Debbah

LLM agents process trusted instructions, retrieved records, and tool observations through a common generative channel. This conflates data flow with authority: an untrusted string can affect a secret-bearing response or an action proposal…

Cryptography and Security · Computer Science 2026-05-27 Faruk Alpay , Taylan Alpay

Tool selection is a key component of LLM agents. A popular approach follows a two-step process - \emph{retrieval} and \emph{selection} - to pick the most appropriate tool from a tool library for a given task. In this work, we introduce…

Cryptography and Security · Computer Science 2025-08-26 Jiawen Shi , Zenghui Yuan , Guiyao Tie , Pan Zhou , Neil Zhenqiang Gong , Lichao Sun

The adoption of Vision-Language Models (VLMs) in embodied AI agents, while being effective, brings safety concerns such as jailbreaking. Prior work have explored the possibility of directly jailbreaking the embodied agents through…

Cryptography and Security · Computer Science 2025-11-21 Chunyang Li , Zifeng Kang , Junwei Zhang , Zhuo Ma , Anda Cheng , Xinghua Li , Jianfeng Ma

LLM-integrated applications are vulnerable to prompt injection attacks, where an attacker contaminates the input to inject malicious instructions, causing the LLM to follow the attacker's intent instead of the original user's. Existing…

Cryptography and Security · Computer Science 2026-01-27 Wei Zou , Yupei Liu , Yanting Wang , Ying Chen , Neil Gong , Jinyuan Jia

The transition from monolithic language models to modular, skill-equipped agents marks a defining shift in how large language models (LLMs) are deployed in practice. Rather than encoding all procedural knowledge within model weights, agent…

Multiagent Systems · Computer Science 2026-02-18 Renjun Xu , Yang Yan

As Large Language Models (LLMs) grow increasingly powerful, multi-agent systems are becoming more prevalent in modern AI applications. Most safety research, however, has focused on vulnerabilities in single-agent LLMs. These include prompt…

Multiagent Systems · Computer Science 2024-10-11 Donghyun Lee , Mo Tiwari

Prompt injection attack, where an attacker injects a prompt into the original one, aiming to make an Large Language Model (LLM) follow the injected prompt to perform an attacker-chosen task, represent a critical security threat. Existing…

Cryptography and Security · Computer Science 2025-09-16 Zedian Shao , Hongbin Liu , Jaden Mu , Neil Zhenqiang Gong

LLM workflows, which coordinate structured calls to individual LLMs/agents to achieve a particular goal, offer a promising path towards building powerful AI systems that can tackle diverse tasks. However, existing approaches for building…

Computation and Language · Computer Science 2026-05-04 Hongyeon Yu , Young-Bum Kim , Yoon Kim

We introduce a new family of prompt injection attacks, termed Neural Exec. Unlike known attacks that rely on handcrafted strings (e.g., "Ignore previous instructions and..."), we show that it is possible to conceptualize the creation of…

Cryptography and Security · Computer Science 2024-05-03 Dario Pasquini , Martin Strohmeier , Carmela Troncoso

Large Language Model (LLM) agents are increasingly being deployed as conversational assistants capable of performing complex real-world tasks through tool integration. This enhanced ability to interact with external systems and process…

Cryptography and Security · Computer Science 2024-12-24 Feiran Jia , Tong Wu , Xin Qin , Anna Squicciarini

AI agents aim to solve complex tasks by combining text-based reasoning with external tool calls. Unfortunately, AI agents are vulnerable to prompt injection attacks where data returned by external tools hijacks the agent to execute…

Cryptography and Security · Computer Science 2024-11-26 Edoardo Debenedetti , Jie Zhang , Mislav Balunović , Luca Beurer-Kellner , Marc Fischer , Florian Tramèr

As the curation of data for machine learning becomes increasingly automated, dataset tampering is a mounting threat. Backdoor attackers tamper with training data to embed a vulnerability in models that are trained on that data. This…

Machine Learning · Computer Science 2022-10-14 Hossein Souri , Liam Fowl , Rama Chellappa , Micah Goldblum , Tom Goldstein

The strong planning and reasoning capabilities of Large Language Models (LLMs) have fostered the development of agent-based systems capable of leveraging external tools and interacting with increasingly complex environments. However, these…

Cryptography and Security · Computer Science 2025-06-17 Zhun Wang , Vincent Siu , Zhe Ye , Tianneng Shi , Yuzhou Nie , Xuandong Zhao , Chenguang Wang , Wenbo Guo , Dawn Song

Autonomous LLM agents can issue thousands of API calls per hour without human oversight. OAuth 2.0 assumes deterministic clients, but in agentic settings stochastic reasoning, prompt injection, or multi-agent orchestration can silently…

Cryptography and Security · Computer Science 2025-09-18 Abhishek Goswami

Large Language Models (LLMs) are increasingly integrated into real-world applications, from virtual assistants to autonomous agents. However, their flexibility also introduces new attack vectors-particularly Prompt Injection (PI), where…

Cryptography and Security · Computer Science 2025-09-17 Mengxiao Wang , Yuxuan Zhang , Guofei Gu