Zombie Agent attacks could be considered a "Zero Click", despite the obviously malicious use there is in terms of regular hacking, I see such attacks as being a vector to spread misinformation; one bad actor could embed instructions for agents to return fake data on the photo of a politician for example.
Not only that but from what I understand, the core issue isn’t just prompt injection anymore, it’s persistence and autonomy. An attacker can inject instructions through external sources (emails, docs, connectors), have the agent store those instructions in memory, and then effectively turn the agent into a long-term insider that keeps exfiltrating data or executing actions without the user realizing.
It feels like traditional guardrails and input filtering won’t be enough if the attack is indirect, persistent, and evolving over time.
How do you people believe LLM vendors and LLM wrappers will be able to fight against such threats?
[link] [comments]
from hacking: security in practice https://ift.tt/b1uVhRE
Comments
Post a Comment