Adaptive Attacks Break Defenses Against Indirect Prompt Injection Attacks on LLM Agents
Zhan, Qiusi, Fang, Richard, Panchal, Henil Shalin, Kang, Daniel
–arXiv.org Artificial Intelligence
Large Language Model (LLM) agents exhibit remarkable performance across diverse applications by using external tools to interact with environments. However, integrating external tools introduces security risks, such as indirect prompt injection (IPI) attacks. Despite defenses designed for IPI attacks, their robustness remains questionable due to insufficient testing against adaptive attacks. In this paper, we evaluate eight different defenses and bypass all of them using adaptive attacks, consistently achieving an attack success rate of over 50%. This reveals critical vulnerabilities in current defenses. Our research underscores the need for adaptive attack evaluation when designing defenses to ensure robustness and reliability. The code is available at https://github.com/uiuc-kang-lab/AdaptiveAttackAgent.
arXiv.org Artificial Intelligence
Mar-3-2025
- Country:
- North America > United States
- Texas > Dallas County
- Dallas (0.04)
- Louisiana > Orleans Parish
- New Orleans (0.04)
- Illinois > Champaign County
- Urbana (0.04)
- California > Santa Clara County
- Stanford (0.04)
- Texas > Dallas County
- Europe
- Austria > Vienna (0.15)
- Switzerland > Basel-City
- Basel (0.04)
- Sweden > Stockholm
- Stockholm (0.04)
- Poland > Kuyavian-Pomeranian Province
- Bydgoszcz (0.04)
- Denmark > Capital Region
- Copenhagen (0.04)
- Asia
- Middle East > Jordan (0.04)
- Thailand > Bangkok
- Bangkok (0.04)
- China > Jiangsu Province
- Changzhou (0.04)
- Africa > Rwanda
- North America > United States
- Genre:
- Research Report (1.00)
- Industry:
- Information Technology > Security & Privacy (1.00)
- Technology: