AI Agents May Always Fall for Prompt Injections

Prompt injection is the most critical vulnerability in deployed AI agents. Despite recent progress, we show that the prevailing defense paradigm data-instruction separation both fails to detect attacks that operate through contextual manipulation and degrades contextually appropriate behavior. We...

The Obvious Invisible Threat: LLM-Powered GUI Agents' Vulnerability to Fine-Print Injections

A Large Language Model LLM powered GUI agent is a specialized autonomous system that performs tasks on the user's behalf according to high-level instructions. It does so by perceiving and interpreting the graphical user interfaces GUIs of relevant apps, often visually, inferring necessary sequenc...