English
Related papers

Related papers: Trojan Hippo: Weaponizing Agent Memory for Data Ex…

200 papers

Large language model (LLM) agents increasingly leverage long term memory to support persistent and autonomous task execution. However, this capability also introduces a new attack surface: memory poisoning, where adversaries can inject…

Cryptography and Security · Computer Science 2026-05-29 Hongtao Wang , Se Yang , Yu Chen , Puzhuo Liu

Large language model agents equipped with persistent memory are vulnerable to memory poisoning attacks, where adversaries inject malicious instructions through query only interactions that corrupt the agents long term memory and influence…

Cryptography and Security · Computer Science 2026-01-13 Balachandra Devarangadi Sunil , Isheeta Sinha , Piyush Maheshwari , Shantanu Todmal , Shreyan Mallik , Shuchi Mishra

AI agents aim to solve complex tasks by combining text-based reasoning with external tool calls. Unfortunately, AI agents are vulnerable to prompt injection attacks where data returned by external tools hijacks the agent to execute…

Cryptography and Security · Computer Science 2024-11-26 Edoardo Debenedetti , Jie Zhang , Mislav Balunović , Luca Beurer-Kellner , Marc Fischer , Florian Tramèr

Large language models are increasingly augmented with persistent memory, allowing assistants to store user-specific information across sessions for personalization and continuity. This statefulness introduces a new security risk:…

Cryptography and Security · Computer Science 2026-05-19 Sidharth Pulipaka , Stanislau Hlebik , Leonidas Raghav , Sahar Abdelnabi , Vyas Raina , Ivaxi Sheth , Mario Fritz

Research on large language model (LLM) security is shifting from "will the model leak training data" to a more consequential question: can an agent with persistent, long-term memory be continuously shaped, cross-session poisoned, accessed…

Cryptography and Security · Computer Science 2026-04-21 Zehao Lin , Chunyu Li , Kai Chen

Memory makes LLM-based web agents personalized, powerful, yet exploitable. By storing past interactions to personalize future tasks, agents inadvertently create a persistent attack surface that spans websites and sessions. While existing…

Cryptography and Security · Computer Science 2026-04-08 Wei Zou , Mingwen Dong , Miguel Romero Calvo , Shuaichen Chang , Jiang Guo , Dongkyu Lee , Xing Niu , Xiaofei Ma , Yanjun Qi , Jiarong Jiang

Safety evaluations of memory-equipped LLM agents typically measure within-task safety: whether an agent completes a single scenario safely, often under adversarial conditions such as prompt injection or memory poisoning. In deployment,…

Artificial Intelligence · Computer Science 2026-05-19 Ahmad Al-Tawaha , Shangding Gu , Peizhi Niu , Ruoxi Jia , Ming Jin

Memory-augmented large language model (LLM) agents use iterative reflection and self-evolution to solve complex tasks, but these mechanisms introduce security risks. Existing agentic memory attacks require privileged access or explicit…

Cryptography and Security · Computer Science 2026-05-20 Kaixiang Wang , Jiong Lou , Zhaojiacheng Zhou , Jie Li

LLM-driven agents are capable of selecting external tools to complete users' tasks. However, attackers could compromise such process, steering agents toward inappropriate/wrong tools and enabling malicious actions. Most existing attacks…

Cryptography and Security · Computer Science 2026-05-27 Xuanye Zhang , Yongsen Zheng , Zhuqin Xu , Kaiyu Zhou , Bowen Shen , Haoran Ou , Tianwei Zhang , Kwok-Yan Lam

Large Language Model (LLM) agents use memory to learn from past interactions, enabling autonomous planning and decision-making in complex environments. However, this reliance on memory introduces a critical security risk: an adversary can…

Cryptography and Security · Computer Science 2025-10-06 Qianshan Wei , Tengchao Yang , Yaochen Wang , Xinfeng Li , Lijun Li , Zhenfei Yin , Yi Zhan , Thorsten Holz , Zhiqiang Lin , XiaoFeng Wang

Agentic AI systems, specifically LLM-driven agents that plan, invoke tools, maintain persistent memory, and delegate tasks to peer agents via protocols such as MCP and A2A, introduce a threat surface that differs materially from standalone…

Cryptography and Security · Computer Science 2026-05-08 Javad Forough , Marios Kogias , Hamed Haddadi

Agentic memory systems enable large language model (LLM) agents to maintain state across long interactions, supporting long-horizon reasoning and personalization beyond fixed context windows. Despite rapid architectural development, the…

Computation and Language · Computer Science 2026-05-21 Dongming Jiang , Yi Li , Songtao Wei , Jinxin Yang , Ayushi Kishore , Alysa Zhao , Dingyi Kang , Xu Hu , Feng Chen , Qiannan Li , Bingzhe Li

Self-evolving LLM agents update their internal state across sessions, often by writing and reusing long-term memory. This design improves performance on long-horizon tasks but creates a security risk: untrusted external content observed…

Cryptography and Security · Computer Science 2026-03-06 Xianglin Yang , Yufei He , Shuo Ji , Bryan Hooi , Jin Song Dong

Indirect prompt injection threatens LLM agents by embedding malicious instructions in external content, enabling unauthorized actions and data theft. LLM agents maintain working memory through their context window, which stores interaction…

Cryptography and Security · Computer Science 2026-02-10 Ruoyao Wen , Hao Li , Chaowei Xiao , Ning Zhang

While Large Language Model-based Multi-Agent Systems (LLM-MAS) demonstrate remarkable capabilities in solving complex tasks by orchestrating specialized agents and external tools, the implicit trust in tool outputs creates a critical attack…

Cryptography and Security · Computer Science 2026-05-26 Bingyu Yan , Xiaoming Zhang , Jinyu Hou , Chaozhuo Li , Ziyi Zhou , Yiming Hei , Litian Zhang

The rapid deployment of open-source frameworks has significantly advanced the development of modern multi-agent systems. However, expanded action spaces, including uncontrolled privilege exposure and hidden inter-system interactions, pose…

Computation and Language · Computer Science 2026-04-07 Wenhui Zhu , Xuanzhao Dong , Xiwen Chen , Rui Cai , Peijie Qiu , Zhipeng Wang , Oana Frunza , Shao Tang , Jindong Gu , Yalin Wang

Large Language Model (LLM) agents increasingly rely on long-term memory and Retrieval-Augmented Generation (RAG) to persist experiences and refine future performance. While this experience learning capability enhances agentic autonomy, it…

Cryptography and Security · Computer Science 2025-12-22 Saksham Sahai Srivastava , Haoyu He

Previous benchmarks on prompt injection in large language models (LLMs) have primarily focused on generic tasks and attacks, offering limited insights into more complex threats like data exfiltration. This paper examines how prompt…

Cryptography and Security · Computer Science 2025-06-03 Meysam Alizadeh , Zeynab Samei , Daria Stetsenko , Fabrizio Gilardi

Recent advances in foundation models have transformed LLMs from passive conversational systems into autonomous agents capable of reasoning and tool execution. While these capabilities unlock substantial practical value, they also introduce…

Cryptography and Security · Computer Science 2026-05-25 Zhe Liu , Zonghao Ying , Wenxin Zhang , Quanchen Zou , Deyue Zhang , Dongdong Yang , Xiangzheng Zhang , Hao Peng

Large language model (LLM) agents increasingly operate in settings where a single context window is far too small to capture what has happened, what was learned, and what should not be repeated. Memory -- the ability to persist, organize,…

Artificial Intelligence · Computer Science 2026-03-10 Pengfei Du
‹ Prev 1 2 3 10 Next ›