# agentic-exploitation
68 articlestagged with “agentic-exploitation”
AutoGen Security Analysis
Security analysis of Microsoft's AutoGen framework for multi-agent conversation exploitation.
CrewAI Multi-Agent Exploitation
Exploiting CrewAI's multi-agent orchestration for task injection and cross-agent attacks.
LangChain Security Deep Dive
Comprehensive security analysis of LangChain including known CVEs and exploitation patterns.
LlamaIndex Attack Surface Analysis
Analysis of security vulnerabilities in LlamaIndex's RAG and agent components.
Semantic Kernel Plugin Exploitation
Exploiting Microsoft's Semantic Kernel plugins and planners for unauthorized code execution.
Browser Agent Framework Exploitation
Exploiting browser-use and web agent frameworks through DOM injection and navigation manipulation.
DSPy Security Analysis
Security analysis of the DSPy framework including prompt optimization exploitation and pipeline injection.
Haystack Pipeline Security Analysis
Security analysis of deepset Haystack RAG pipelines including component injection and data exfiltration.
smolagents Security Analysis
Security analysis of Hugging Face smolagents including code execution risks and tool trust boundaries.
Conversational Memory Poisoning
Poisoning conversation history stores to alter the agent's understanding of prior interactions.
Cross-Session Attack Persistence
Achieving attack persistence across separate agent sessions through memory manipulation.
Memory Context Window Attacks
Exploiting memory systems that manage context window limitations to inject or suppress information.
Memory Retrieval Poisoning
Manipulating memory retrieval mechanisms to surface adversarial context during agent reasoning.
Memory Summary Manipulation
Exploiting automatic memory summarization to embed persistent instructions in compressed context.
Persistent Memory Injection
Injecting persistent false memories into agent memory systems to influence future behavior.
Memory Compression Injection
Inject persistent instructions through memory compression and summarization processes in long-running agents.
Memory Eviction Exploitation
Exploit memory eviction policies in context-limited agents to selectively remove safety-relevant context.
RAG-Memory Confusion Attacks
Exploit the interaction between RAG retrieval and agent memory to create conflicting contexts that bypass safety.
Shared Memory Space Poisoning
Poison memory spaces shared between multiple agents or users in multi-tenant agent deployments.
Forced Function Calling Attacks
Forcing models to call specific functions through crafted inputs that override intended tool selection.
Function Calling Data Exfiltration
Using function calls as data exfiltration channels to extract information from constrained environments.
Function Result Poisoning
Poisoning function call results to inject instructions back into the model's reasoning chain.
Function Schema Injection
Injecting malicious instructions through function parameter descriptions and schema definitions.
Parallel Function Call Exploitation
Exploiting parallel function calling to create race conditions and bypass sequential validation.
Function Calling Chain Confusion
Confuse multi-step function calling chains to skip validation steps and execute unintended operation sequences.
Function Calling Race Conditions (Agentic Exploitation)
Exploit race conditions in parallel function calling to bypass sequential validation and authorization checks.
Function Hallucination Exploitation
Exploit model tendency to hallucinate function calls to non-existent APIs for information disclosure.
Function Parameter Injection Deep Dive
Advanced techniques for injecting adversarial content through function calling parameter values and defaults.
Tool Selection Manipulation
Manipulate model tool selection decisions through crafted prompts that bias toward attacker-preferred functions.
MCP Capability Escalation
Escalating capabilities beyond authorized MCP server permissions through negotiation abuse.
MCP Notification Channel Abuse
Abusing MCP notification channels for data exfiltration and out-of-band command injection.
MCP Prompt Template Injection
Exploiting MCP prompt templates to inject instructions through template variables and arguments.
MCP Resource Manipulation Attacks
Exploiting MCP resource exposure to access, modify, or exfiltrate data through resource URIs.
MCP Sampling API Exploitation
Exploiting the MCP sampling API to manipulate how servers request LLM completions.
MCP Server Impersonation Attacks
Impersonating legitimate MCP servers to intercept and manipulate agent-tool communication.
MCP Tool Description Injection
Techniques for injecting adversarial instructions via MCP tool descriptions and parameter schemas.
MCP Transport Security Vulnerabilities
Analysis of security vulnerabilities in MCP transport layers including stdio, SSE, and HTTP streaming.
MCP Authentication Bypass Techniques (Agentic Exploitation)
Bypassing MCP server authentication and authorization mechanisms through token manipulation and scope abuse.
MCP Batch Tool Call Exploitation
Exploit batch tool calling in MCP to create race conditions and bypass per-call validation.
MCP Cross-Server Data Exfiltration
Chain MCP tool calls across servers to exfiltrate data from restricted environments to attacker-controlled endpoints.
MCP Logging and Telemetry Abuse
Exploit MCP logging and telemetry channels to exfiltrate data or inject commands through debug interfaces.
MCP Resource Template Injection
Inject adversarial content through MCP resource URI templates and parameter expansion mechanisms.
MCP SSE Transport Layer Attacks
Exploiting Server-Sent Events transport in MCP for message injection, replay attacks, and session hijacking.
MCP Tool Schema Poisoning
Poisoning MCP tool schemas with hidden instructions in descriptions, parameter types, and validation rules.
MCP Protocol Version Downgrade Attacks
Force MCP protocol version downgrades to exploit vulnerabilities in older protocol implementations.
A2A Agent Impersonation
Impersonating trusted agents in A2A networks to intercept tasks and exfiltrate data.
A2A Protocol Security Analysis
Security analysis of Google's Agent-to-Agent protocol including authentication, task delegation, and trust boundaries.
A2A Task Injection Attacks
Injecting malicious tasks into A2A agent communication channels to redirect multi-agent workflows.
Agent Swarm Poisoning
Poisoning agent swarm coordination to manipulate collective decision-making and task allocation.
Cross-Agent Memory Attacks
Exploiting shared memory and context between agents in multi-agent architectures.
Multi-Agent Privilege Escalation
Escalating privileges through multi-agent systems by exploiting trust delegation and capability sharing.
A2A Agent Card Spoofing
Spoof A2A agent cards to advertise malicious capabilities and intercept task delegations from legitimate agents.
A2A Capability Confusion Attacks
Confuse A2A capability negotiation to make orchestrators delegate inappropriate tasks to unprivileged agents.
A2A Message Replay and Modification
Intercept, replay, and modify A2A messages to manipulate multi-agent workflow outcomes.
A2A Task Delegation Hijacking
Hijack A2A task delegation chains to redirect sensitive operations to attacker-controlled agent endpoints.
Inter-Agent Communication Interception
Intercept and manipulate communication channels between agents in multi-agent architectures.
Multi-Agent Consensus Manipulation
Manipulate voting and consensus mechanisms in multi-agent decision-making systems.
Agentic Loop Denial of Service
Triggering infinite or resource-exhausting loops in agentic workflows through crafted inputs.
Human-in-the-Loop Bypass
Techniques for bypassing human approval steps in agent workflows through urgency injection and stealth.
Planning Agent Manipulation
Manipulating LLM-based planning agents to execute adversarial action sequences.
Reflection Loop Exploitation
Exploiting self-reflection and self-correction loops in agent workflows.
Router Agent Confusion
Confusing router/dispatcher agents to misdirect tasks to inappropriate specialist agents.
Agent Orchestration Takeover
Take control of agent orchestration logic to redirect workflow execution and bypass access controls.
Approval Workflow Bypass Techniques
Techniques for bypassing human and automated approval workflows in governed agent systems.
Fallback Handler Exploitation
Exploit fallback and error handlers in agent workflows that have weaker security controls than primary paths.
Parallel Workflow Race Conditions
Exploit race conditions in parallel agent workflows to achieve inconsistent state and bypass validation.
Retry Loop Exploitation
Exploit retry and error-handling loops in agent workflows to amplify attack payloads and exhaust resources.
Workflow State Manipulation
Manipulating workflow state machines to skip validation steps and reach privileged execution paths.