11 matches found

Packet Storm News
added 2026/04/25 12:00 a.m., 46 views

Ghost in the Agent: Redefining Information Flow Tracking for LLM Agents

Autonomous Large Language Model (LLM) agents are increasingly deployed to conduct complex tasks by interacting with external tools, APIs, and memory stores. However, processing untrusted external data exposes these agents to severe security threats, such as indirect prompt injection and unauthorize...

AI score: 5.7
Exploits: 0
Packet Storm News
added 2026/04/22 12:00 a.m., 14 views

Taint-Style Vulnerability Detection and Confirmation for Node.js Packages Using LLM Agent Reasoning

The rapidly evolving Node.js ecosystem currently includes millions of packages and is a critical part of modern software supply chains, making vulnerability detection of Node.js packages increasingly important. However, traditional program analysis struggles in this setting because of dynamic...

AI score: 6.1
Exploits: 0
Packet Storm News
added 2026/04/20 12:00 a.m., 5 views

TitanCA: Lessons from Orchestrating LLM Agents to Discover 100+ CVEs

Software vulnerabilities remain one of the most persistent threats to modern digital infrastructure. While static application security testing (SAST) tools have long served as the first line of defense, they suffer from high false-positive rates. This article presents TitanCA, a collaborative proje...

AI score: 5.8
Exploits: 0
Packet Storm News
added 2026/04/07 12:00 a.m., 3 views

CritBench: A Framework for Evaluating Cybersecurity Capabilities of Large Language Models in IEC 61850 Digital Substation Environments

The advancement of Large Language Models (LLMs) has raised concerns regarding their dual-use potential in cybersecurity. Existing evaluation frameworks overwhelmingly focus on Information Technology (IT) environments, failing to capture the constraints and specialized protocols of Operational...

AI score: 6
Exploits: 0
Packet Storm News
added 2026/04/03 12:00 a.m., 2 views

Credential Leakage in LLM Agent Skills: A Large-Scale Empirical Study

Third-party skills extend LLM agents with powerful capabilities but often handle sensitive credentials in privileged environments, making leakage risks poorly understood. We present the first large-scale empirical study of this problem, analyzing 17,022 skills sampled from 170,226 on SkillsMP usi...

AI score: 6
Exploits: 0
Packet Storm News
added 2026/03/16 12:00 a.m., 22 views

From Storage to Steering: Memory Control Flow Attacks on LLM Agents

Modern agentic systems allow Large Language Model (LLM) agents to tackle complex tasks through extensive tool usage, forming structured control flows of tool selection and execution. Existing security analyses often treat these control flows as ephemeral, one-off sessions, overlooking the persisten...

AI score: 5.9
Exploits: 0
Packet Storm News
added 2026/03/12 12:00 a.m., 10 views

ChainFuzzer: Greybox Fuzzing for Workflow-Level Multi-Tool Vulnerabilities in LLM Agents

Tool-augmented LLM agents increasingly rely on multi-step, multi-tool workflows to complete real tasks. This design expands the attack surface, because data produced by one tool can be persisted and later reused as input to another tool, enabling exploitable source-to-sink dataflows that only...

AI score: 5.9
Exploits: 0
Packet Storm News
added 2026/02/23 12:00 a.m., 4 views

Skill-Inject: Measuring Agent Vulnerability to Skill File Attacks

LLM agents are evolving rapidly, powered by code execution, tools, and the recently introduced agent skills feature. Skills allow users to extend LLM applications with specialized third-party code, knowledge, and instructions. Although this can extend agent capabilities to new domains, it creates...

AI score: 5.9
Exploits: 0
Packet Storm News
added 2025/08/14 12:00 a.m., 3 views

Searching for Privacy Risks in LLM Agents Via Simulation

The widespread deployment of LLM-based agents is likely to introduce a critical privacy threat: malicious agents that proactively engage others in multi-turn interactions to extract sensitive information. These dynamic dialogues enable adaptive attack strategies that can cause severe privacy...

AI score: 6.9
Exploits: 0
Packet Storm News
added 2025/06/13 12:00 a.m., 3 views

AgentVigil: Generic Black-Box Red-Teaming for Indirect Prompt Injection against LLM Agents

The strong planning and reasoning capabilities of Large Language Models (LLMs) have fostered the development of agent-based systems capable of leveraging external tools and interacting with increasingly complex environments. However, these powerful features also introduce a critical security risk:...

AI score: 7.2
Exploits: 0
Schneier on Security
added 2024/06/17 11:08 a.m., 21 views

Using LLMs to Exploit Vulnerabilities

Interesting research: "Teams of LLM Agents can Exploit Zero-Day Vulnerabilities." Abstract: LLM agents have become increasingly sophisticated, especially in the realm of cybersecurity. Researchers have shown that LLM agents can exploit real-world vulnerabilities when given a description of the...

AI score: 7.3
Exploits: 0