Research
- arXiv — Contextualized privacy defense for LLM agents — 2026-03-08
- arXiv — Image-based prompt injection against multimodal LLMs — 2026-03-08
- arXiv — Prompt Injection 2.0: hybrid AI threats — 2026-03-03
- arXiv — Jailbreaking LLMs & VLMs: mechanisms and unified defenses — 2026-03-02
- arXiv — Analysis of LLMs against prompt injection and jailbreak attacks — 2026-02-28
- arXiv — Agentic AI as a cybersecurity attack surface — 2026-02-27
- arXiv — Silent Egress: implicit prompt injection makes LLM agents leak without a trace — 2026-02-27
- OpenReview — Jailbreaking the Matrix with Nullspace Steering — 2026-02-27
- arXiv — LLM-agent threat model and attack taxonomy survey — 2026-02-26
- arXiv — AgentDyn prompt injection benchmark — 2026-02-25
- arXiv — Prompt injection vs LLM rankers — 2026-02-24
- arXiv — Authenticated prompts & context for LLM security — 2026-02-18
- arXiv — Jailbreaking leaves a trace via latent representations — 2026-02-17
- arXiv — Optimizing agent planning for security and autonomy — 2026-02-17
- arXiv — MUZZLE red-teaming web agents against indirect prompt injection — 2026-02-16
- arXiv — Threat modeling for emerging AI-agent protocols — 2026-02-16
- arXiv — The Landscape of Prompt Injection Threats in LLM Agents — 2026-02-12
- Microsoft Security Blog — One-prompt attack breaks LLM safety alignment — 2026-02-11
- arXiv — CVE-Factory: Scaling Expert-Level Agentic Tasks for Code Security Vulnerability — 2026-02-09
- arXiv — Bypassing AI control protocols via Agent-as-a-Proxy attacks — 2026-02-07
- arXiv — Learning to Inject: automated prompt injection via reinforcement learning — 2026-02-07
- arXiv — ChatInject: abusing chat templates for prompt injection in LLM agents — 2026-02-05
- arXiv — Systematic Review of LLM Defenses Against Prompt Injection: Expanding NIST Taxonomy — 2026-02-05
- Bengio et al. — 2026 International AI Safety Report: AI-powered cyberattacks and safety-testing evasion — 2026-02-03
- UCSC / The Register — CHAI: physical prompt injection hijacks self-driving cars and drones via road signs — 2026-02-03
- arXiv — AgentDoG: a diagnostic guardrail framework for AI agent safety and security — 2026-02-02
- arXiv — The Promptware Kill Chain: reframing prompt injection as multi-step malware — 2026-02-02
- arXiv — SENTINEL: securing AI agents in cyber-physical systems against deepfake and MCP-mediated attacks — 2026-02-02
- arXiv — System prompt extraction via code agents (JustAsk) — 2026-01-31
- vLLM — Mixture-of-Models routing on AMD GPUs (vLLM-SR) — 2026-01-31
- arXiv/EACL — PHISH: persona jailbreaking via implicit steering in chat history — 2026-01-30
- arXiv — From prompt injections to protocol exploits — 2026-01-30
- arXiv — SoK: prompt injection attacks on agentic coding assistants — 2026-01-30
- arXiv — Thought-Transfer: clean-label poisoning via chain-of-thought traces — 2026-01-30
- arXiv — Cascaded vulnerability attacks in software supply chains (ICSE 2026 EA) — 2026-01-30
- IEEE Spectrum — Why LLMs keep falling for prompt injection (and why agents raise the stakes) — 2026-01-30
- arXiv — Breaking the Protocol: MCP security analysis (capability attestation + origin auth gaps) — 2026-01-30