English
Related papers

Related papers: Hidden in Memory: Sleeper Memory Poisoning in LLM …

200 papers

Large Language Model (LLM) agents remain vulnerable to safety threats from the external environment, where attackers inject adversarial content into external observations such as tool-returned data, webpages, or MCP context, causing harmful…

Artificial Intelligence · Computer Science 2026-05-28 Yongxiang Li , Moxin Li , Zhixin Ma , Fengbin Zhu , Dongrui Liu , Wenjie Wang , Fuli Feng

Research on large language model (LLM) security is shifting from "will the model leak training data" to a more consequential question: can an agent with persistent, long-term memory be continuously shaped, cross-session poisoned, accessed…

Cryptography and Security · Computer Science 2026-04-21 Zehao Lin , Chunyu Li , Kai Chen

Large language model (LLM) agents increasingly leverage long term memory to support persistent and autonomous task execution. However, this capability also introduces a new attack surface: memory poisoning, where adversaries can inject…

Cryptography and Security · Computer Science 2026-05-29 Hongtao Wang , Se Yang , Yu Chen , Puzhuo Liu

Memory poisoning attacks for Agentic AI and multi-agent systems (MAS) have recently caught attention. It is partially due to the fact that Large Language Models (LLMs) facilitate the construction and deployment of agents. Different memory…

Cryptography and Security · Computer Science 2026-03-24 Vicenç Torra , Maria Bras-Amorós

Memory makes LLM-based web agents personalized, powerful, yet exploitable. By storing past interactions to personalize future tasks, agents inadvertently create a persistent attack surface that spans websites and sessions. While existing…

Cryptography and Security · Computer Science 2026-04-08 Wei Zou , Mingwen Dong , Miguel Romero Calvo , Shuaichen Chang , Jiang Guo , Dongkyu Lee , Xing Niu , Xiaofei Ma , Yanjun Qi , Jiarong Jiang

Large Language Model (LLM) agents increasingly rely on long-term memory and Retrieval-Augmented Generation (RAG) to persist experiences and refine future performance. While this experience learning capability enhances agentic autonomy, it…

Cryptography and Security · Computer Science 2025-12-22 Saksham Sahai Srivastava , Haoyu He

Large language model agents equipped with persistent memory are vulnerable to memory poisoning attacks, where adversaries inject malicious instructions through query only interactions that corrupt the agents long term memory and influence…

Cryptography and Security · Computer Science 2026-01-13 Balachandra Devarangadi Sunil , Isheeta Sinha , Piyush Maheshwari , Shantanu Todmal , Shreyan Mallik , Shuchi Mishra

Safety evaluations of memory-equipped LLM agents typically measure within-task safety: whether an agent completes a single scenario safely, often under adversarial conditions such as prompt injection or memory poisoning. In deployment,…

Artificial Intelligence · Computer Science 2026-05-19 Ahmad Al-Tawaha , Shangding Gu , Peizhi Niu , Ruoxi Jia , Ming Jin

LLM agents increasingly rely on persistent state, including transcripts, summaries, retrieved context, and memory buffers, to support long-horizon interaction. This makes safety depend not only on individual model outputs, but also on what…

Artificial Intelligence · Computer Science 2026-05-19 Yian Wang , Agam Goyal , Yuen Chen , Hari Sundaram

LLM-driven agents are capable of selecting external tools to complete users' tasks. However, attackers could compromise such process, steering agents toward inappropriate/wrong tools and enabling malicious actions. Most existing attacks…

Cryptography and Security · Computer Science 2026-05-27 Xuanye Zhang , Yongsen Zheng , Zhuqin Xu , Kaiyu Zhou , Bowen Shen , Haoran Ou , Tianwei Zhang , Kwok-Yan Lam

Self-evolving LLM agents update their internal state across sessions, often by writing and reusing long-term memory. This design improves performance on long-horizon tasks but creates a security risk: untrusted external content observed…

Cryptography and Security · Computer Science 2026-03-06 Xianglin Yang , Yufei He , Shuo Ji , Bryan Hooi , Jin Song Dong

Large language model (LLM)-powered agents are increasingly used in recommender systems (RSs) to achieve personalized behavior modeling, where the memory mechanism plays a pivotal role in enabling the agents to autonomously explore, learn…

Cryptography and Security · Computer Science 2025-10-22 Shiyi Yang , Zhibo Hu , Xinshu Li , Chen Wang , Tong Yu , Xiwei Xu , Liming Zhu , Lina Yao

Large language model agents increasingly rely on persistent memory to store past interactions, retrieve relevant demonstrations, and improve long-horizon task execution. However, this memory mechanism also creates a practical security…

Artificial Intelligence · Computer Science 2026-05-25 Zhewen Tan , Yilun Yao , Huiyan Jin , Wenhan Yu , Guoan Wang , Mengyuan Fan , liang lu , Feng Liu , Xiangzheng Zhang , Duohe Ma , Tong Yang , Lin Sun

Large language model (LLM)-based agents combine LLMs with external tools to automate tasks such as scheduling meetings, managing documents, or booking travel. While these integrations unlock powerful capabilities, they also create new and…

Cryptography and Security · Computer Science 2026-04-22 Jonathan Evertz , Merlin Chlosta , Lea Schönherr , Thorsten Eisenhofer

Memory-augmented large language model (LLM) agents use iterative reflection and self-evolution to solve complex tasks, but these mechanisms introduce security risks. Existing agentic memory attacks require privileged access or explicit…

Cryptography and Security · Computer Science 2026-05-20 Kaixiang Wang , Jiong Lou , Zhaojiacheng Zhou , Jie Li

Large language models are pre-trained on uncurated text datasets consisting of trillions of tokens scraped from the Web. Prior work has shown that: (1) web-scraped pre-training datasets can be practically poisoned by malicious actors; and…

Cryptography and Security · Computer Science 2024-10-18 Yiming Zhang , Javier Rando , Ivan Evtimov , Jianfeng Chi , Eric Michael Smith , Nicholas Carlini , Florian Tramèr , Daphne Ippolito

Large language models (LLMs) have gained widespread adoption across diverse applications due to their impressive generative capabilities. Their plug-and-play nature enables both developers and end users to interact with these models through…

Cryptography and Security · Computer Science 2025-10-21 Zongze Li , Jiawei Guo , Haipeng Cai

The proliferation of open-weight Large Language Models (LLMs) has democratized agentic AI, yet fine-tuned weights are frequently shared and adopted with limited scrutiny beyond leaderboard performance. This creates a risk where third-party…

Cryptography and Security · Computer Science 2026-03-05 Bhanu Pallakonda , Mikkel Hindsbo , Sina Ehsani , Prag Mishra

Personalized LLM agents maintain persistent cross-session state to support long-horizon collaboration. Yet, this persistence introduces a subtle but critical security vulnerability: routine user-agent interactions can gradually reshape an…

Cryptography and Security · Computer Science 2026-05-11 Xiaoyu Xu , Minxin Du , Qipeng Xie , Haobin Ke , Qingqing Ye , Haibo Hu

Detecting whether a model has been poisoned is a longstanding problem in AI security. In this work, we present a practical scanner for identifying sleeper agent-style backdoors in causal language models. Our approach relies on two key…

Cryptography and Security · Computer Science 2026-02-04 Blake Bullwinkel , Giorgio Severi , Keegan Hines , Amanda Minnich , Ram Shankar Siva Kumar , Yonatan Zunger
‹ Prev 1 2 3 10 Next ›