AttriGuard: Defeating Indirect Prompt Injection in LLM Agents Via Causal Attribution of Tool Invocations
LLM agents are highly vulnerable to Indirect Prompt Injection IPI, where adversaries embed malicious directives in untrusted tool outputs to hijack execution. Most existing defenses treat IPI as an input-level semantic discrimination problem, which often fails to generalize to unseen payloads. We...