English
Related papers

Related papers: AdapTools: Adaptive Tool-based Indirect Prompt Inj…

200 papers

Large Language Model (LLM) agents exhibit remarkable performance across diverse applications by using external tools to interact with environments. However, integrating external tools introduces security risks, such as indirect prompt…

Cryptography and Security · Computer Science 2025-03-05 Qiusi Zhan , Richard Fang , Henil Shalin Panchal , Daniel Kang

Large language model (LLM) agents are widely deployed in real-world applications, where they leverage tools to retrieve and manipulate external data for complex tasks. However, when interacting with untrusted data sources (e.g., fetching…

Cryptography and Security · Computer Science 2025-08-22 Hengyu An , Jinghuai Zhang , Tianyu Du , Chunyi Zhou , Qingming Li , Tao Lin , Shouling Ji

As LLM agents transition from digital assistants to physical controllers in autonomous systems and robotics, they face an escalating threat from indirect prompt injection. By embedding adversarial instructions into the results of tool…

Artificial Intelligence · Computer Science 2026-01-09 Qiang Yu , Xinran Cheng , Chuanyi Liu

Large language model (LLM) agents increasingly rely on external tools and retrieval systems to autonomously complete complex tasks. However, this design exposes agents to indirect prompt injection (IPI), where attacker-controlled context…

Cryptography and Security · Computer Science 2026-02-27 Tian Zhang , Yiwei Xu , Juan Wang , Keyan Guo , Xiaoyang Xu , Bowen Xiao , Quanlong Guan , Jinlin Fan , Jiawei Liu , Zhiquan Liu , Hongxin Hu

The proliferation of agentic AI coding assistants, including Claude Code, GitHub Copilot, Cursor, and emerging skill-based architectures, has fundamentally transformed software development workflows. These systems leverage Large Language…

Cryptography and Security · Computer Science 2026-01-27 Narek Maloyan , Dmitry Namiot

Recent work has embodied LLMs as agents, allowing them to access tools, perform actions, and interact with external content (e.g., emails or websites). However, external content introduces the risk of indirect prompt injection (IPI)…

Computation and Language · Computer Science 2024-08-06 Qiusi Zhan , Zhixiang Liang , Zifan Ying , Daniel Kang

Autonomous AI agents powered by large language models (LLMs) with structured function-calling interfaces enable real-time data retrieval, computation, and multi-step orchestration. However, the rapid growth of plugins, connectors, and…

Cryptography and Security · Computer Science 2025-12-16 Mohamed Amine Ferrag , Norbert Tihanyi , Djallel Hamouda , Leandros Maglaras , Abderrahmane Lakas , Merouane Debbah

LLM-based agents are increasingly deployed for complex tasks requiring planning, tool use, and interaction with external services. Their reliance on untrusted external content exposes them to indirect prompt injection (IPI), in which…

Machine Learning · Computer Science 2026-05-26 Zixuan Chen , Jiaxiang Chen , Li Luo , Ke Xu , Xiaoxiang Huang , Tanfeng Sun , Xinghao Jiang

Large language models (LLMs) are now routinely used to autonomously execute complex tasks, from natural language processing to dynamic workflows like web searches. The usage of tool-calling and Retrieval Augmented Generation (RAG) allows…

Cryptography and Security · Computer Science 2026-04-13 Dennis Rall , Bernhard Bauer , Mohit Mittal , Thomas Fraunholz

Defenses against indirect prompt injection (IPI) in tool-using LLM agents share two structural weaknesses. First, they all attempt to prevent attacks rather than detect the compromises that slip through. Second, they have only been…

Cryptography and Security · Computer Science 2026-05-13 Yassin H. Rassul , Tarik A. Rashid

Multimodal agents built on large vision-language models (LVLMs) are increasingly deployed in open-world settings but remain highly vulnerable to prompt injection, especially through visual inputs. We introduce AgentTypo, a black-box…

Cryptography and Security · Computer Science 2025-10-07 Yanjie Li , Yiming Cao , Dong Wang , Bin Xiao

AI agents, predominantly powered by large language models (LLMs), are vulnerable to indirect prompt injection, in which malicious instructions embedded in untrusted data can trigger dangerous agent actions. This position paper discusses our…

Cryptography and Security · Computer Science 2026-04-01 Chong Xiang , Drew Zagieboylo , Shaona Ghosh , Sanjay Kariyappa , Kai Greshake , Hanshen Xiao , Chaowei Xiao , G. Edward Suh

The rapid deployment of open-source frameworks has significantly advanced the development of modern multi-agent systems. However, expanded action spaces, including uncontrolled privilege exposure and hidden inter-system interactions, pose…

Computation and Language · Computer Science 2026-04-07 Wenhui Zhu , Xuanzhao Dong , Xiwen Chen , Rui Cai , Peijie Qiu , Zhipeng Wang , Oana Frunza , Shao Tang , Jindong Gu , Yalin Wang

AI agents are vulnerable to indirect prompt injection attacks, where malicious instructions embedded in external content or tool outputs cause unintended or harmful behavior. Inspired by the well-established concept of firewalls, we show…

Cryptography and Security · Computer Science 2026-03-24 Rishika Bhagwatkar , Kevin Kasa , Abhay Puri , Gabriel Huang , Irina Rish , Graham W. Taylor , Krishnamurthy Dj Dvijotham , Alexandre Lacoste

Recent research has explored that LLM agents are vulnerable to indirect prompt injection (IPI) attacks, where malicious tasks embedded in tool-retrieved information can redirect the agent to take unauthorized actions. Existing defenses…

Cryptography and Security · Computer Science 2025-06-12 Kaijie Zhu , Xianjun Yang , Jindong Wang , Wenbo Guo , William Yang Wang

LLM agents are highly vulnerable to Indirect Prompt Injection (IPI), where adversaries embed malicious directives in untrusted tool outputs to hijack execution. Most existing defenses treat IPI as an input-level semantic discrimination…

Cryptography and Security · Computer Science 2026-03-12 Yu He , Haozhe Zhu , Yiming Li , Shuo Shao , Hongwei Yao , Zhihao Liu , Zhan Qin

AI control protocols serve as a defense mechanism to stop untrusted LLM agents from causing harm in autonomous settings. Prior work treats this as a security problem, stress testing with exploits that use the deployment context to subtly…

As AI agents automate critical workloads, they remain vulnerable to indirect prompt injection (IPI) attacks. Current defenses rely on monitoring protocols that jointly evaluate an agent's Chain-of-Thought (CoT) and tool-use actions to…

Cryptography and Security · Computer Science 2026-02-26 Jafar Isbarov , Murat Kantarcioglu

Large language models (LLMs) increasingly rely on retrieving information from external corpora. This creates a new attack surface: indirect prompt injection (IPI), where hidden instructions are planted in the corpora and hijack model…

Cryptography and Security · Computer Science 2026-01-13 Hongyan Chang , Ergute Bao , Xinjian Luo , Ting Yu

The evolution of Large Language Models (LLMs) has resulted in a paradigm shift towards autonomous agents, necessitating robust security against Prompt Injection (PI) vulnerabilities where untrusted inputs hijack agent behaviors. This SoK…

Cryptography and Security · Computer Science 2026-02-12 Peiran Wang , Xinfeng Li , Chong Xiang , Jinghuai Zhang , Ying Li , Lixia Zhang , Xiaofeng Wang , Yuan Tian
‹ Prev 1 2 3 10 Next ›