# agents
97 articles tagged "agents"
Agent Delegation Attacks
Exploiting multi-agent delegation patterns to achieve lateral movement, privilege escalation, and command-and-control through impersonation and insecure inter-agent communication.
Agent Goal Hijacking
Techniques for redirecting AI agent objectives through poisoned inputs, indirect prompt injection, and multi-step manipulation -- the #1 ranked risk in OWASP's 2026 Agentic Top 10.
Agent Identity and Credential Theft
Exploiting how AI agents authenticate to external services -- credential theft through agent manipulation, MFA bypass, and impersonation attacks including BodySnatcher and CVE-2025-64106.
Agent Memory Poisoning
Techniques for injecting malicious content into agent memory systems -- conversation history, RAG stores, and vector databases -- to achieve persistent cross-session compromise.
Agent Supply Chain Attacks
Compromising AI agents through poisoned packages, backdoored MCP servers, malicious model registries, and weaponized agent frameworks -- including the Postmark MCP breach and NullBulge campaigns.
Autonomous Goal Drift
How autonomous AI agents drift from intended objectives through reward hacking, specification gaming, safety system bypass, and cascading failures in multi-agent systems.
Manipulating Reasoning Chains
Techniques for influencing an AI agent's chain-of-thought reasoning to steer its planning, decision-making, and tool selection toward attacker-desired outcomes.
Function Calling Exploitation
Practical attacks against OpenAI function calling, Anthropic tool use, and similar APIs -- injecting function calls through prompt injection, exploiting parameter validation gaps, and chaining calls.
Agent & Agentic Exploitation
Security overview of autonomous AI agents, covering the expanded attack surface created by tool use, persistent memory, multi-step reasoning, and multi-agent coordination.
MCP Security: Understanding and Defending the Protocol
A comprehensive guide to Model Context Protocol security — understanding the attack surface, known vulnerabilities (30+ CVEs in early 2026), and implementing robust defenses for MCP-enabled AI agent systems.
Attacking Multi-Agent Systems
Exploitation techniques for multi-agent architectures including inter-agent injection, trust boundary violations, cascading compromises, and A2A protocol attacks.
Rogue and Shadow Agents
How compromised, misaligned, or unauthorized AI agents operate within systems -- rogue agents that act harmfully while appearing legitimate, and shadow agents deployed without security review.
Exploiting Agent Tool Use
How to manipulate AI agents into calling tools with attacker-controlled parameters, abusing tool capabilities for data exfiltration, privilege escalation, and unauthorized actions.
Tool Use Exploitation
Comprehensive techniques for exploiting how AI agents call external tools and APIs, including tool description poisoning, overly permissive access abuse, and tool output manipulation.
Zero-Click Agent Compromise
Attacks where AI agents are compromised without any user interaction -- processing malicious content triggers autonomous execution, data exfiltration, and system compromise.
API Orchestrator Attacks
Attack techniques targeting AI agents that orchestrate multiple API calls, including parameter injection across API chains, confused deputy attacks in multi-API workflows, and exploiting trust relationships between orchestrated services.
Browser Agent Exploitation
Attack techniques targeting AI agents that control web browsers, including DOM injection, navigation hijacking, credential theft, and cross-origin exploitation of browser-controlling agents.
Code Agent Manipulation
Techniques for manipulating AI agents that generate, execute, and review code, including injection through code context, repository poisoning, execution environment attacks, and code review manipulation.
Computer Use Agent Attacks
Comprehensive analysis of attack vectors targeting AI systems with computer use capabilities, including GUI manipulation, pixel-level injection, and desktop environment exploitation techniques.
Email Agent Exploitation
Techniques for exploiting AI agents that process, summarize, draft, and act on emails, including injection through email content, attachment-based attacks, and workflow manipulation.
File System Agent Risks
Security risks of AI agents with file system access, including path traversal exploitation, symlink attacks, file content injection, data exfiltration through file operations, and privilege escalation via file system manipulation.
AI Agent Exploitation
Methodology for exploiting AI agent architectures through confused deputy attacks, goal hijacking, privilege escalation, and sandbox escape.
Agent Memory Poisoning
Techniques for poisoning AI agent short-term and long-term memory systems to achieve persistent compromise, inject behavioral backdoors, and survive conversation resets.
Scheduling Agent Attacks
Attack techniques targeting AI scheduling assistants that manage calendars, book meetings, and coordinate schedules, including calendar injection, availability manipulation, and scheduling-based social engineering.
Voice Agent Attacks
Attack techniques targeting voice-controlled AI agents, including adversarial audio injection, ultrasonic commands, voice cloning for authentication bypass, and conversation hijacking in voice-first AI systems.
Function Calling Exploitation
Overview of how LLM function/tool calling works, the attack surface it creates, and systematic approaches to exploiting function calling interfaces in AI systems.
Agentic Exploitation
Comprehensive coverage of security vulnerabilities in agentic AI systems, including MCP tool exploitation, multi-agent protocol attacks, function calling abuse, memory system compromise, framework-specific weaknesses, and workflow pattern attacks.
AWS Bedrock Agent Security Assessment
Security assessment of AWS Bedrock Agents including action groups, knowledge bases, and guardrail configurations.
AWS Bedrock Agents Security
Security assessment of AWS Bedrock Agents including action groups, knowledge bases, and guardrail integration.
GCP Vertex AI Agent Builder Security
Security assessment of Google Vertex AI Agent Builder including grounding, tool use, and safety settings.
Summer 2026 CTF: Agentic AI Security
A CTF focused on agentic AI security, featuring escalating agent challenges that cover tool exploitation, multi-agent attacks, indirect injection, and agent persistence.
Agent Architectures & Tool Use Patterns
How ReAct, Plan-and-Execute, and LangGraph agent patterns work — tool definition, invocation, and result processing — and where injection happens in each architecture.
World Model Exploitation in AI Agents
Exploiting learned world models in AI agents to cause unsafe behavior through environmental manipulation.
Lab: Computer Use Agent Exploitation
Hands-on lab exploring attack vectors against GUI-based computer use agents that interact with screens through vision and action primitives.
Lab: Exploiting AI Agents
Hands-on lab for exploiting AI agents with tool access through indirect prompt injection, tool-call chaining, and privilege escalation techniques.
Lab: Agent Memory Manipulation
Hands-on lab for injecting persistent instructions into an agent's memory and context that affect future interactions and conversations.
Lab: Agent Prompt Leaking
Hands-on lab for extracting system prompts from tool-using AI agents by exploiting tool interactions, observation channels, and multi-step reasoning to leak protected instructions.
Lab: Data Exfiltration Techniques
Hands-on lab for extracting sensitive data from AI systems including system prompt extraction, context leakage via markdown rendering, and URL-based data exfiltration.
Lab: Function Calling Injection
Hands-on lab for exploiting function calling mechanisms by crafting inputs that manipulate which functions get called and with what parameters.
Lab: MCP Tool Abuse Scenarios
Hands-on lab for exploiting Model Context Protocol tool definitions through malicious tool descriptions, tool confusion attacks, and server impersonation.
Lab: Agent Permission Escalation
Hands-on lab for tricking AI agents into performing actions beyond their intended scope through privilege escalation techniques.
Lab: Tool Result Poisoning
Hands-on lab for poisoning tool outputs to redirect agent behavior by injecting malicious content through tool results.
Lab: Workflow Hijacking
Hands-on lab for redirecting multi-step agent workflows to perform unintended actions by manipulating intermediate states and control flow.
Agent Privilege Escalation Walkthrough
Walkthrough of escalating privileges in multi-agent systems through trust chain exploitation.
AWS Bedrock Red Team Walkthrough
Complete guide to red teaming AWS Bedrock deployments: testing guardrails bypass techniques, knowledge base data exfiltration, agent prompt injection, model customization abuse, and CloudTrail evasion.
CrewAI Agent Application Security Testing
End-to-end walkthrough for security testing CrewAI agent applications: crew enumeration, agent role exploitation, task injection, tool security assessment, delegation chain manipulation, and output validation.
LangChain Application Security Testing
End-to-end walkthrough for security testing LangChain applications: chain enumeration, prompt injection through chains, tool and agent exploitation, retrieval augmented generation attacks, and memory manipulation.
LlamaIndex RAG Application Security Testing
End-to-end walkthrough for security testing LlamaIndex RAG applications: index enumeration, query engine exploitation, data connector assessment, response synthesis manipulation, and agent pipeline testing.
Chapter Quiz: Agent Exploitation
A 15-question calibrated quiz testing your understanding of agentic AI exploitation -- tool abuse, MCP attacks, memory poisoning, and multi-agent security.