# agent-security
20 articlestagged with “agent-security”
Link-Based Exfiltration
Using hyperlinks, redirects, or URL parameters to exfiltrate data from AI systems through markdown links, tool-generated URLs, and API callback exploitation.
Markdown Image Injection
Injecting markdown image tags with attacker-controlled URLs to exfiltrate conversation data via HTTP image requests.
Permission Boundary Bypass
Escalating from limited to elevated permissions in AI agent systems through scope creep, implicit permission inheritance, and capability confusion.
LangChain Security Deep Dive (Agentic Exploitation)
Comprehensive security analysis of LangChain and LangGraph, covering dangerous defaults, chain composition attacks, callback exploitation, community tool risks, and agent executor vulnerabilities.
Case Study: MCP Tool Poisoning Attacks (Invariant Labs 2025)
Analysis of tool poisoning vulnerabilities in the Model Context Protocol (MCP) discovered by Invariant Labs, where malicious tool descriptions manipulate AI agents into data exfiltration and unauthorized actions.
CaMeL & Dual LLM Pattern
Architectural defense patterns that separate trusted and untrusted processing: Simon Willison's Dual LLM concept and Google DeepMind's CaMeL framework for defending tool-using AI agents against prompt injection.
A2A Trust Boundary Attack
Advanced walkthrough of exploiting trust boundaries between agents in multi-agent systems using the Agent-to-Agent (A2A) protocol.
Agent Context Overflow
Walkthrough of overflowing agent context windows to push safety instructions out of the LLM's attention, enabling bypasses of system prompts and guardrails.
Agent Loop Hijacking
Advanced walkthrough of hijacking agentic loops to redirect autonomous agent behavior, alter reasoning chains, and achieve persistent control over multi-step agent workflows.
Agent Persistence via Memory
Advanced walkthrough of using agent memory systems to create persistent backdoors that survive restarts, updates, and session boundaries.
Callback Abuse in MCP
Advanced walkthrough of abusing MCP callback mechanisms for unauthorized actions, data exfiltration, and privilege escalation in agent-tool interactions.
Function Calling Parameter Injection
Walkthrough of manipulating function call parameters through prompt-level techniques, injecting malicious values into LLM-generated API calls.
MCP Tool Shadowing
Advanced walkthrough of creating shadow tools that override legitimate MCP (Model Context Protocol) tools, enabling interception and manipulation of agent-tool interactions.
Memory Poisoning Step by Step
Walkthrough of persisting injection payloads in agent memory systems to achieve long-term compromise of LLM-based agents.
Multi-Agent Prompt Relay
Advanced walkthrough of relaying prompt injection payloads across multiple agents in a pipeline, achieving cascading compromise of multi-agent systems.
Orchestrator Manipulation
Advanced walkthrough of attacking the orchestrator layer in multi-agent systems to gain control over task delegation, agent coordination, and system-wide behavior.
Plugin Confusion Attack
Walkthrough of confusing LLM agents about which plugin or tool to invoke, causing them to call the wrong tool or pass data to unintended destinations.
Tool Call Injection
Step-by-step walkthrough of injecting malicious parameters into LLM tool and function calls to execute unauthorized actions in agent systems.
Sandboxing and Permission Models for Tool-Using Agents
Walkthrough for implementing sandboxing and permission models that constrain tool-using LLM agents, covering least-privilege design, parameter validation, execution sandboxes, approval workflows, and audit logging.
Security Testing LangChain Applications
Step-by-step walkthrough for identifying and exploiting security vulnerabilities in LangChain-based applications, covering chain injection, agent manipulation, tool abuse, retrieval poisoning, and memory extraction attacks.