Research
Data-Injection Attacks Widen the Agent Threat Model Beyond Prompt Injection
Argues that beyond indirect prompt injection, 'data injection' — where poisoned data the agent consumes rather than instructions drives malicious actions — is a realistic deployment threat, and characterizes it empirically. It complements the same-day web-agent and memory-attack papers. Takeaway for builders: validate and sandbox tool-returned data, not just user prompts.
Source
↳ Follow the thread