English
Related papers

Related papers: Poison Once, Exploit Forever: Environment-Injected…

200 papers

Large language models are increasingly augmented with persistent memory, allowing assistants to store user-specific information across sessions for personalization and continuity. This statefulness introduces a new security risk:…

Cryptography and Security · Computer Science 2026-05-19 Sidharth Pulipaka , Stanislau Hlebik , Leonidas Raghav , Sahar Abdelnabi , Vyas Raina , Ivaxi Sheth , Mario Fritz

Autonomous web navigation agents, which translate natural language instructions into sequences of browser actions, are increasingly deployed for complex tasks across e-commerce, information retrieval, and content discovery. Due to the…

Cryptography and Security · Computer Science 2025-06-24 Atharv Singh Patlan , Ashwin Hebbar , Pramod Viswanath , Prateek Mittal

LLM-driven agents are capable of selecting external tools to complete users' tasks. However, attackers could compromise such process, steering agents toward inappropriate/wrong tools and enabling malicious actions. Most existing attacks…

Cryptography and Security · Computer Science 2026-05-27 Xuanye Zhang , Yongsen Zheng , Zhuqin Xu , Kaiyu Zhou , Bowen Shen , Haoran Ou , Tianwei Zhang , Kwok-Yan Lam

Memory-augmented large language model (LLM) agents use iterative reflection and self-evolution to solve complex tasks, but these mechanisms introduce security risks. Existing agentic memory attacks require privileged access or explicit…

Cryptography and Security · Computer Science 2026-05-20 Kaixiang Wang , Jiong Lou , Zhaojiacheng Zhou , Jie Li

Large Language Model (LLM) agents increasingly rely on long-term memory and Retrieval-Augmented Generation (RAG) to persist experiences and refine future performance. While this experience learning capability enhances agentic autonomy, it…

Cryptography and Security · Computer Science 2025-12-22 Saksham Sahai Srivastava , Haoyu He

Safety evaluations of memory-equipped LLM agents typically measure within-task safety: whether an agent completes a single scenario safely, often under adversarial conditions such as prompt injection or memory poisoning. In deployment,…

Artificial Intelligence · Computer Science 2026-05-19 Ahmad Al-Tawaha , Shangding Gu , Peizhi Niu , Ruoxi Jia , Ming Jin

Large language model (LLM) agents increasingly leverage long term memory to support persistent and autonomous task execution. However, this capability also introduces a new attack surface: memory poisoning, where adversaries can inject…

Cryptography and Security · Computer Science 2026-05-29 Hongtao Wang , Se Yang , Yu Chen , Puzhuo Liu

Graphical User Interface (GUI) agents are increasingly deployed to interact with online web services, yet their exposure to open-world content renders them vulnerable to Environmental Injection Attacks (EIAs). In these attacks, an attacker…

Cryptography and Security · Computer Science 2026-02-03 Yitong Zhang , Ximo Li , Liyi Cai , Jia Li

Large language model agents equipped with persistent memory are vulnerable to memory poisoning attacks, where adversaries inject malicious instructions through query only interactions that corrupt the agents long term memory and influence…

Cryptography and Security · Computer Science 2026-01-13 Balachandra Devarangadi Sunil , Isheeta Sinha , Piyush Maheshwari , Shantanu Todmal , Shreyan Mallik , Shuchi Mishra

Mobile agents powered by vision-language models (VLMs) are increasingly adopted for tasks such as UI automation and camera-based assistance. These agents are typically fine-tuned using small-scale, user-collected data, making them…

Cryptography and Security · Computer Science 2025-09-08 Xuan Wang , Siyuan Liang , Zhe Liu , Yi Yu , Aishan Liu , Yuliang Lu , Xitong Gao , Ee-Chien Chang

LLM agents have demonstrated remarkable performance across various applications, primarily due to their advanced capabilities in reasoning, utilizing external knowledge and tools, calling APIs, and executing actions to interact with…

Machine Learning · Computer Science 2024-07-18 Zhaorun Chen , Zhen Xiang , Chaowei Xiao , Dawn Song , Bo Li

Large Language Model (LLM) agents remain vulnerable to safety threats from the external environment, where attackers inject adversarial content into external observations such as tool-returned data, webpages, or MCP context, causing harmful…

Artificial Intelligence · Computer Science 2026-05-28 Yongxiang Li , Moxin Li , Zhixin Ma , Fengbin Zhu , Dongrui Liu , Wenjie Wang , Fuli Feng

Self-evolving LLM agents update their internal state across sessions, often by writing and reusing long-term memory. This design improves performance on long-horizon tasks but creates a security risk: untrusted external content observed…

Cryptography and Security · Computer Science 2026-03-06 Xianglin Yang , Yufei He , Shuo Ji , Bryan Hooi , Jin Song Dong

Memory systems enable otherwise-stateless LLM agents to persist user information across sessions, but also introduce a new attack surface. We characterize the Trojan Hippo attack, a class of persistent memory attacks that operates in a more…

Cryptography and Security · Computer Science 2026-05-18 Debeshee Das , Julien Piet , Darya Kaviani , Luca Beurer-Kellner , Florian Tramèr , David Wagner

Memory poisoning attacks for Agentic AI and multi-agent systems (MAS) have recently caught attention. It is partially due to the fact that Large Language Models (LLMs) facilitate the construction and deployment of agents. Different memory…

Cryptography and Security · Computer Science 2026-03-24 Vicenç Torra , Maria Bras-Amorós

We study a security threat to reinforcement learning where an attacker poisons the learning environment to force the agent into executing a target policy chosen by the attacker. As a victim, we consider RL agents whose objective is to find…

Machine Learning · Computer Science 2020-08-20 Amin Rakhsha , Goran Radanovic , Rati Devidze , Xiaojin Zhu , Adish Singla

The evolution from static ranking models to Agentic Recommender Systems (Agentic RecSys) empowers AI agents to maintain long-term user profiles and autonomously plan service tasks. While this paradigm shift enhances personalization, it…

Cryptography and Security · Computer Science 2026-04-21 Jiachen Qian

Indirect prompt injection threatens LLM agents by embedding malicious instructions in external content, enabling unauthorized actions and data theft. LLM agents maintain working memory through their context window, which stores interaction…

Cryptography and Security · Computer Science 2026-02-10 Ruoyao Wen , Hao Li , Chaowei Xiao , Ning Zhang

Modern LLM agents solve complex tasks by operating in iterative execution loops, where they repeatedly reason, act, and self-evaluate progress to determine when a task is complete. In this work, we show that while this self-directed loop…

Cryptography and Security · Computer Science 2026-05-08 Huiyu Xu , Zhibo Wang , Wenhui Zhang , Ziqi Zhu , Yaopeng Wang , Kui Ren , Chun Chen

We study a security threat to reinforcement learning where an attacker poisons the learning environment to force the agent into executing a target policy chosen by the attacker. As a victim, we consider RL agents whose objective is to find…

Machine Learning · Computer Science 2020-11-24 Amin Rakhsha , Goran Radanovic , Rati Devidze , Xiaojin Zhu , Adish Singla
‹ Prev 1 2 3 10 Next ›