利用生產代理部署中使用之順序、平行與階層式工作流程模式的攻擊。
代理式 AI 系統使用不同工作流程模式組織多步任務。每種模式有不同安全屬性。
代理 A → 代理 B → 代理 C。攻擊:在交接點注入(代理 A 的輸出攜帶影響代理 B 的 payload)、資料轉換利用(中間處理可改變或遺失安全脈絡)。
代理 A、B、C 同時處理,結果被聚合。攻擊:投票操控(如果使用多數投票,入侵多個代理以控制結果)、聚合注入(在聚合步驟注入)。
編排者代理分派任務給工作代理。攻擊:編排者操控(影響任務分派邏輯)、工作代理冒充(偽造來自工作代理的回報)、權限升級(透過編排者存取高權限工作代理)。
利用順序代理工作流程之技術:投毒早期階段以污染下游處理、操弄檢查點,以及利用步驟間資料依賴。
利用代理系統中並行執行之技術,包括競態條件、衝突之工具呼叫、輸出聚合操弄,以及資源競爭攻擊。
為利用經理代理委派至工作者代理之階層代理系統之技術,含委派操弄、主管逃避、工作者利用與權威鏈攻擊。
Manipulating LLM-based planning agents to execute adversarial action sequences.
利用ing self-reflection and self-correction loops in agent workflows.
Techniques for bypassing human approval steps in agent workflows through urgency injection and stealth.
Confusing router/dispatcher agents to misdirect tasks to inappropriate specialist agents.
Manipulating workflow state machines to skip validation steps and reach privileged execution paths.
Triggering infinite or resource-exhausting loops in agentic workflows through crafted inputs.
利用ing map-reduce workflow patterns in agent systems to inject adversarial content during aggregation phases.
Manipulating supervisor agents in hierarchical workflows to approve unauthorized actions by subordinate agents.
Influencing the tool selection process in agent workflows to redirect execution through attacker-controlled tools.
Modifying workflow state checkpoints to alter execution flow and bypass previously completed validation steps.
利用ing conditional logic in agent workflows to force execution down attacker-preferred branches.
利用 retry and error-handling loops in agent workflows to amplify attack payloads and exhaust resources.
Techniques for bypassing human and automated approval workflows in governed agent systems.
Take control of agent orchestration logic to redirect workflow execution and bypass access controls.
利用 fallback and error handlers in agent workflows that have weaker security controls than primary paths.
利用 race conditions in parallel agent workflows to achieve inconsistent state and bypass validation.
Techniques for overriding supervisor agents in hierarchical multi-agent architectures.
Amplifying attack impact by chaining tool calls in agent workflows for cascading exploitation.
Manipulating workflow checkpoints and savepoints for state rollback attacks.
