English
Related papers

Related papers: Poison Once, Exploit Forever: Environment-Injected…

200 papers

Large language models (LLMs) have gained widespread adoption across diverse applications due to their impressive generative capabilities. Their plug-and-play nature enables both developers and end users to interact with these models through…

Cryptography and Security · Computer Science 2025-10-21 Zongze Li , Jiawei Guo , Haipeng Cai

Large Language Model (LLM) web agents often struggle with long-horizon web navigation and web task completion in new websites, producing inefficient action sequences unless fine-tuned on environment-specific data. We show that…

Research on large language model (LLM) security is shifting from "will the model leak training data" to a more consequential question: can an agent with persistent, long-term memory be continuously shaped, cross-session poisoned, accessed…

Cryptography and Security · Computer Science 2026-04-21 Zehao Lin , Chunyu Li , Kai Chen

Web-use agents are rapidly being deployed to automate complex web tasks with extensive browser capabilities. However, these capabilities create a critical and previously unexplored attack surface. This paper demonstrates how attackers can…

Cryptography and Security · Computer Science 2025-10-22 Avishag Shapira , Parth Atulbhai Gandhi , Edan Habler , Asaf Shabtai

Recent work has embodied LLMs as agents, allowing them to access tools, perform actions, and interact with external content (e.g., emails or websites). However, external content introduces the risk of indirect prompt injection (IPI)…

Computation and Language · Computer Science 2024-08-06 Qiusi Zhan , Zhixiang Liang , Zifan Ying , Daniel Kang

In targeted poisoning attacks, an attacker manipulates an agent-environment interaction to force the agent into adopting a policy of interest, called target policy. Prior work has primarily focused on attacks that modify standard MDP…

Machine Learning · Computer Science 2023-02-28 Mohammad Mohammadi , Jonathan Nöther , Debmalya Mandal , Adish Singla , Goran Radanovic

Personalized LLM agents maintain persistent cross-session state to support long-horizon collaboration. Yet, this persistence introduces a subtle but critical security vulnerability: routine user-agent interactions can gradually reshape an…

Cryptography and Security · Computer Science 2026-05-11 Xiaoyu Xu , Minxin Du , Qipeng Xie , Haobin Ke , Qingqing Ye , Haibo Hu

Web agents powered by vision-language models (VLMs) enable autonomous interaction with web environments by perceiving and acting on both visual and textual webpage content to accomplish user-specified tasks. However, they are highly…

Cryptography and Security · Computer Science 2026-04-15 Yulin Chen , Tri Cao , Haoran Li , Yue Liu , Yibo Li , Yufei He , Le Minh Khoi , Yangqiu Song , Shuicheng Yan , Bryan Hooi

This work demonstrates that LLM-based web navigation agents offer powerful automation capabilities but are vulnerable to Indirect Prompt Injection (IPI) attacks. We show that adversaries can embed universal adversarial triggers in webpage…

Cryptography and Security · Computer Science 2025-07-22 Sam Johnson , Viet Pham , Thai Le

Generalist web agents have demonstrated remarkable potential in autonomously completing a wide range of tasks on real websites, significantly boosting human productivity. However, web tasks, such as booking flights, usually involve users'…

Cryptography and Security · Computer Science 2025-03-14 Zeyi Liao , Lingbo Mo , Chejian Xu , Mintong Kang , Jiawei Zhang , Chaowei Xiao , Yuan Tian , Bo Li , Huan Sun

Large language models (LLMs) have transformed the development of embodied intelligence. By providing a few contextual demonstrations, developers can utilize the extensive internal knowledge of LLMs to effortlessly translate complex tasks…

Artificial Intelligence · Computer Science 2024-08-07 Aishan Liu , Yuguang Zhou , Xianglong Liu , Tianyuan Zhang , Siyuan Liang , Jiakai Wang , Yanjun Pu , Tianlin Li , Junqi Zhang , Wenbo Zhou , Qing Guo , Dacheng Tao

Autonomous browsing agents powered by large language models (LLMs) are increasingly used to automate web-based tasks. However, their reliance on dynamic content, tool execution, and user-provided data exposes them to a broad attack surface.…

Cryptography and Security · Computer Science 2025-05-20 Mykyta Mudryi , Markiyan Chaklosh , Grzegorz Wójcik

As Large Language Models (LLMs) grow increasingly powerful, multi-agent systems are becoming more prevalent in modern AI applications. Most safety research, however, has focused on vulnerabilities in single-agent LLMs. These include prompt…

Multiagent Systems · Computer Science 2024-10-11 Donghyun Lee , Mo Tiwari

Large Language Model (LLM) Agents are an emerging computing paradigm that blends generative machine learning with tools such as code interpreters, web browsing, email, and more generally, external resources. These agent-based systems…

Cryptography and Security · Computer Science 2024-10-23 Xiaohan Fu , Shuheng Li , Zihan Wang , Yihao Liu , Rajesh K. Gupta , Taylor Berg-Kirkpatrick , Earlence Fernandes

Large Language Models (LLMs) are increasingly deployed as agentic systems that plan, memorize, and act in open-world environments. This shift brings new security problems: failures are no longer only unsafe text generation, but can become…

Cryptography and Security · Computer Science 2026-03-03 Zhihang Deng , Jiaping Gui , Weinan Zhang

Large Language Model (LLM) agents are powering a growing share of interactive web applications, yet remain vulnerable to misuse and harm. Prior jailbreak research has largely focused on single-turn prompts, whereas real harassment often…

Artificial Intelligence · Computer Science 2025-10-22 Trilok Padhi , Pinxian Lu , Abdulkadir Erol , Tanmay Sutar , Gauri Sharma , Mina Sonmez , Munmun De Choudhury , Ugur Kursuncu

Autonomous AI agents powered by large language models (LLMs) with structured function-calling interfaces enable real-time data retrieval, computation, and multi-step orchestration. However, the rapid growth of plugins, connectors, and…

Cryptography and Security · Computer Science 2025-12-16 Mohamed Amine Ferrag , Norbert Tihanyi , Djallel Hamouda , Leandros Maglaras , Abderrahmane Lakas , Merouane Debbah

Large language models (LLMs) are increasingly being integrated into web browsers to create agentic browsing systems that execute actions on behalf of the user. Prior work considering the security of agentic browsers focuses exclusively on…

Cryptography and Security · Computer Science 2026-05-08 Sohom Datta , Alex Nahapetyan , William Enck , Alexandros Kapravelos

Meta-learning agents excel at rapidly learning new tasks from open-ended task distributions; yet, they forget what they learn about each task as soon as the next begins. When tasks reoccur - as they do in natural environments - metalearning…

A Large Language Model (LLM) powered GUI agent is a specialized autonomous system that performs tasks on the user's behalf according to high-level instructions. It does so by perceiving and interpreting the graphical user interfaces (GUIs)…