English
Related papers

Related papers: Agent-Sentry: Bounding LLM Agents via Execution Pr…

200 papers

Large language model (LLM) agents increasingly rely on external tools and retrieval systems to autonomously complete complex tasks. However, this design exposes agents to indirect prompt injection (IPI), where attacker-controlled context…

Cryptography and Security · Computer Science 2026-02-27 Tian Zhang , Yiwei Xu , Juan Wang , Keyan Guo , Xiaoyang Xu , Bowen Xiao , Quanlong Guan , Jinlin Fan , Jiawei Liu , Zhiquan Liu , Hongxin Hu

AI agents aim to solve complex tasks by combining text-based reasoning with external tool calls. Unfortunately, AI agents are vulnerable to prompt injection attacks where data returned by external tools hijacks the agent to execute…

Cryptography and Security · Computer Science 2024-11-26 Edoardo Debenedetti , Jie Zhang , Mislav Balunović , Luca Beurer-Kellner , Marc Fischer , Florian Tramèr

Large Language Model (LLM) agents offer a powerful new paradigm for solving various problems by combining natural language reasoning with the execution of external tools. However, their dynamic and non-transparent behavior introduces…

Cryptography and Security · Computer Science 2025-11-19 Peiran Wang , Yang Liu , Yunfei Lu , Yifeng Cai , Hongbo Chen , Qingyou Yang , Jie Zhang , Jue Hong , Ye Wu

Tool-using LLM agents must act on untrusted webpages, emails, files, and API outputs while issuing privileged tool calls. Existing defenses often mediate trust at the granularity of an entire tool invocation, forcing a brittle choice in…

Cryptography and Security · Computer Science 2026-05-13 Linfeng Fan , Ziwei Li , Yuan Tian , Yichen Wang , Rongsheng Li , Xiong Wang

Modern AI agents execute real-world side effects through tool calls such as file operations, shell commands, HTTP requests, and database queries. A single unsafe action, including accidental deletion, credential exposure, or data…

Artificial Intelligence · Computer Science 2026-05-07 Chenglin Yang

Large Language Models (LLMs) have been increasingly integrated into computer-use agents, which can autonomously operate tools on a user's computer to accomplish complex tasks. However, due to the inherently unstable and unpredictable nature…

Cryptography and Security · Computer Science 2025-09-10 Haitao Hu , Peng Chen , Yanpeng Zhao , Yuqi Chen

Indirect prompt injection attacks threaten AI agents that execute consequential actions, motivating deterministic system-level defenses. Such defenses can provably block unsafe actions by enforcing confidentiality and integrity policies,…

Cryptography and Security · Computer Science 2026-02-13 Aashish Kolluri , Rishi Sharma , Manuel Costa , Boris Köpf , Tobias Nießen , Mark Russinovich , Shruti Tople , Santiago Zanella-Béguelin

LLM agents process trusted instructions, retrieved records, and tool observations through a common generative channel. This conflates data flow with authority: an untrusted string can affect a secret-bearing response or an action proposal…

Cryptography and Security · Computer Science 2026-05-27 Faruk Alpay , Taylan Alpay

AI agents capable of GUI understanding and Model Context Protocol are increasingly deployed to automate mobile tasks. However, their reliance on over-privileged, static permissions creates a critical vulnerability: instruction injection.…

Cryptography and Security · Computer Science 2025-10-31 Yifeng Cai , Ziming Wang , Zhaomeng Deng , Mengyu Yao , Junlin Liu , Yutao Hu , Ziqi Zhang , Yao Guo , Ding Li

AI agents, predominantly powered by large language models (LLMs), are vulnerable to indirect prompt injection, in which malicious instructions embedded in untrusted data can trigger dangerous agent actions. This position paper discusses our…

Cryptography and Security · Computer Science 2026-04-01 Chong Xiang , Drew Zagieboylo , Shaona Ghosh , Sanjay Kariyappa , Kai Greshake , Hanshen Xiao , Chaowei Xiao , G. Edward Suh

This position paper argues that securing LLM agents requires first defining an end-to-end correctness property that specifies when an agent's execution faithfully reflects the user's intent. Modern LLM agents operate over an…

Cryptography and Security · Computer Science 2026-05-19 Wenjie Qu , Ming Xu , Peiran Wang , Shengfang Zhai , Jiaheng Zhang , Dawn Song

Agents built on LLMs are increasingly deployed across diverse domains, automating complex decision-making and task execution. However, their autonomy introduces safety risks, including security vulnerabilities, legal violations, and…

Artificial Intelligence · Computer Science 2025-08-01 Haoyu Wang , Christopher M. Poskitt , Jun Sun

Previous benchmarks on prompt injection in large language models (LLMs) have primarily focused on generic tasks and attacks, offering limited insights into more complex threats like data exfiltration. This paper examines how prompt…

Cryptography and Security · Computer Science 2025-06-03 Meysam Alizadeh , Zeynab Samei , Daria Stetsenko , Fabrizio Gilardi

LLM-based agents are increasingly deployed in high-stakes scenarios such as email management, financial transactions, and code execution, where they interact with the external world through tool calling. During execution, these agents must…

Cryptography and Security · Computer Science 2026-05-27 Peiran Wang , Ying Li , Yuan Tian

Verifying LLM-generated systems code is hard: bugs are prevalent, formal specifications are missing, and safety contracts are encoded implicitly at call sites rather than enforced at function boundaries. We propose agentic model checking, a…

Software Engineering · Computer Science 2026-05-21 Youcheng Sun , Jiawen Liu , Daniel Kroening , Jason Xue

Large language models (LLMs) and their applications, such as agents, are highly vulnerable to prompt injection attacks. State-of-the-art prompt injection detection methods have the following limitations: (1) their effectiveness degrades…

Cryptography and Security · Computer Science 2026-04-02 Yanting Wang , Wei Zou , Runpeng Geng , Jinyuan Jia

Indirect prompt injection threatens LLM agents by embedding malicious instructions in external content, enabling unauthorized actions and data theft. LLM agents maintain working memory through their context window, which stores interaction…

Cryptography and Security · Computer Science 2026-02-10 Ruoyao Wen , Hao Li , Chaowei Xiao , Ning Zhang

AI agents are autonomous systems that combine LLMs with external tools to solve complex tasks. While such tools extend capability, improper tool permissions introduce security risks such as indirect prompt injection and tool misuse. We…

Cryptography and Security · Computer Science 2026-01-21 Roy Betser , Shamik Bose , Amit Giloni , Chiara Picardi , Sindhu Padakandla , Roman Vainshtein

Large Language Model (LLM) agents are increasingly being deployed as conversational assistants capable of performing complex real-world tasks through tool integration. This enhanced ability to interact with external systems and process…

Cryptography and Security · Computer Science 2024-12-24 Feiran Jia , Tong Wu , Xin Qin , Anna Squicciarini

Large Language Model (LLM) agents are increasingly used to automate complex workflows, but integrating untrusted external data with privileged execution exposes them to severe security risks, particularly direct and indirect prompt…

Cryptography and Security · Computer Science 2026-04-28 Zonghao Ying , Haozheng Wang , Jiangfan Liu , Quanchen Zou , Aishan Liu , Jian Yang , Yaodong Yang , Xianglong Liu
‹ Prev 1 2 3 10 Next ›