# agentic-exploitation
136 articles tagged "agentic-exploitation"
- **AutoGen Security Analysis**: Security analysis of Microsoft's AutoGen framework for multi-agent conversation exploitation.
- **CrewAI Multi-Agent Exploitation**: Exploiting CrewAI's multi-agent orchestration for task injection and cross-agent attacks.
- **LangChain Security Deep Dive**: Comprehensive security analysis of LangChain including known CVEs and exploitation patterns.
- **LlamaIndex Attack Surface Analysis**: Analysis of security vulnerabilities in LlamaIndex's RAG and agent components.
- **Semantic Kernel Plugin Exploitation**: Exploiting Microsoft's Semantic Kernel plugins and planners for unauthorized code execution.
- **Browser Agent Framework Exploitation**: Exploiting browser-use and web agent frameworks through DOM injection and navigation manipulation.
- **DSPy Security Analysis**: Security analysis of the DSPy framework including prompt optimization exploitation and pipeline injection.
- **Haystack Pipeline Security Analysis**: Security analysis of deepset Haystack RAG pipelines including component injection and data exfiltration.
- **smolagents Security Analysis**: Security analysis of Hugging Face smolagents including code execution risks and tool trust boundaries.
- **Conversational Memory Poisoning**: Poisoning conversation history stores to alter the agent's understanding of prior interactions.
- **Cross-Session Attack Persistence**: Achieving attack persistence across separate agent sessions through memory manipulation.
- **Memory Context Window Attacks**: Exploiting memory systems that manage context window limitations to inject or suppress information.
- **Memory Retrieval Poisoning**: Manipulating memory retrieval mechanisms to surface adversarial context during agent reasoning.
- **Memory Summary Manipulation**: Exploiting automatic memory summarization to embed persistent instructions in compressed context.
- **Persistent Memory Injection**: Injecting persistent false memories into agent memory systems to influence future behavior.
- **Memory Compression Injection**: Inject persistent instructions through memory compression and summarization processes in long-running agents.
- **Memory Eviction Exploitation**: Exploit memory eviction policies in context-limited agents to selectively remove safety-relevant context.
- **RAG-Memory Confusion Attacks**: Exploit the interaction between RAG retrieval and agent memory to create conflicting contexts that bypass safety.
- **Shared Memory Space Poisoning**: Poison memory spaces shared between multiple agents or users in multi-tenant agent deployments.
- **Forced Function Calling Attacks**: Forcing models to call specific functions through crafted inputs that override intended tool selection.
- **Function Calling Data Exfiltration**: Using function calls as data exfiltration channels to extract information from constrained environments.
- **Function Result Poisoning**: Poisoning function call results to inject instructions back into the model's reasoning chain.
- **Function Schema Injection**: Injecting malicious instructions through function parameter descriptions and schema definitions.
- **Parallel Function Call Exploitation**: Exploiting parallel function calling to create race conditions and bypass sequential validation.
- **Function Calling Chain Confusion**: Confuse multi-step function calling chains to skip validation steps and execute unintended operation sequences.
- **Function Calling Race Conditions (Agentic Exploitation)**: Exploit race conditions in parallel function calling to bypass sequential validation and authorization checks.
- **Function Hallucination Exploitation**: Exploit model tendency to hallucinate function calls to non-existent APIs for information disclosure.
- **Function Parameter Injection Deep Dive**: Advanced techniques for injecting adversarial content through function calling parameter values and defaults.
- **Tool Selection Manipulation**: Manipulate model tool selection decisions through crafted prompts that bias toward attacker-preferred functions.
- **MCP Capability Escalation**: Escalating capabilities beyond authorized MCP server permissions through negotiation abuse.
- **MCP Notification Channel Abuse**: Abusing MCP notification channels for data exfiltration and out-of-band command injection.
- **MCP Prompt Template Injection**: Exploiting MCP prompt templates to inject instructions through template variables and arguments.
- **MCP Resource Manipulation Attacks**: Exploiting MCP resource exposure to access, modify, or exfiltrate data through resource URIs.
- **MCP Sampling API Exploitation**: Exploiting the MCP sampling API to manipulate how servers request LLM completions.
- **MCP Server Impersonation Attacks**: Impersonating legitimate MCP servers to intercept and manipulate agent-tool communication.
- **MCP Tool Description Injection**: Techniques for injecting adversarial instructions via MCP tool descriptions and parameter schemas.
- **MCP Transport Security Vulnerabilities**: Analysis of security vulnerabilities in MCP transport layers including stdio, SSE, and HTTP streaming.
- **MCP Authentication Bypass Techniques (Agentic Exploitation)**: Bypassing MCP server authentication and authorization mechanisms through token manipulation and scope abuse.
- **MCP Batch Tool Call Exploitation**: Exploit batch tool calling in MCP to create race conditions and bypass per-call validation.
- **MCP Cross-Server Data Exfiltration**: Chain MCP tool calls across servers to exfiltrate data from restricted environments to attacker-controlled endpoints.
- **MCP Logging and Telemetry Abuse**: Exploit MCP logging and telemetry channels to exfiltrate data or inject commands through debug interfaces.
- **MCP Resource Template Injection**: Inject adversarial content through MCP resource URI templates and parameter expansion mechanisms.
- **MCP SSE Transport Layer Attacks**: Exploiting Server-Sent Events transport in MCP for message injection, replay attacks, and session hijacking.
- **MCP Tool Schema Poisoning**: Poisoning MCP tool schemas with hidden instructions in descriptions, parameter types, and validation rules.
- **MCP Protocol Version Downgrade Attacks**: Force MCP protocol version downgrades to exploit vulnerabilities in older protocol implementations.
- **A2A Agent Impersonation**: Impersonating trusted agents in A2A networks to intercept tasks and exfiltrate data.
- **A2A Protocol Security Analysis**: Security analysis of Google's Agent-to-Agent protocol including authentication, task delegation, and trust boundaries.
- **A2A Task Injection Attacks**: Injecting malicious tasks into A2A agent communication channels to redirect multi-agent workflows.
- **Agent Swarm Poisoning**: Poisoning agent swarm coordination to manipulate collective decision-making and task allocation.
- **Cross-Agent Memory Attacks**: Exploiting shared memory and context between agents in multi-agent architectures.
- **Multi-Agent Privilege Escalation**: Escalating privileges through multi-agent systems by exploiting trust delegation and capability sharing.
- **A2A Agent Card Spoofing**: Spoof A2A agent cards to advertise malicious capabilities and intercept task delegations from legitimate agents.
- **A2A Capability Confusion Attacks**: Confuse A2A capability negotiation to make orchestrators delegate inappropriate tasks to unprivileged agents.
- **A2A Message Replay and Modification**: Intercept, replay, and modify A2A messages to manipulate multi-agent workflow outcomes.
- **A2A Task Delegation Hijacking**: Hijack A2A task delegation chains to redirect sensitive operations to attacker-controlled agent endpoints.
- **Inter-Agent Communication Interception**: Intercept and manipulate communication channels between agents in multi-agent architectures.
- **Multi-Agent Consensus Manipulation**: Manipulate voting and consensus mechanisms in multi-agent decision-making systems.
- **Agentic Loop Denial of Service**: Triggering infinite or resource-exhausting loops in agentic workflows through crafted inputs.
- **Human-in-the-Loop Bypass**: Techniques for bypassing human approval steps in agent workflows through urgency injection and stealth.
- **Planning Agent Manipulation**: Manipulating LLM-based planning agents to execute adversarial action sequences.
- **Reflection Loop Exploitation**: Exploiting self-reflection and self-correction loops in agent workflows.
- **Router Agent Confusion**: Confusing router/dispatcher agents to misdirect tasks to inappropriate specialist agents.
- **Agent Orchestration Takeover**: Take control of agent orchestration logic to redirect workflow execution and bypass access controls.
- **Approval Workflow Bypass Techniques**: Techniques for bypassing human and automated approval workflows in governed agent systems.
- **Fallback Handler Exploitation**: Exploit fallback and error handlers in agent workflows that have weaker security controls than primary paths.
- **Parallel Workflow Race Conditions**: Exploit race conditions in parallel agent workflows to achieve inconsistent state and bypass validation.
- **Retry Loop Exploitation**: Exploit retry and error-handling loops in agent workflows to amplify attack payloads and exhaust resources.
- **Workflow State Manipulation**: Manipulating workflow state machines to skip validation steps and reach privileged execution paths.