Salvato in:
Dettagli Bibliografici
Autori principali: Qiu, Jianing, Li, Lin, Sun, Jiankai, Wei, Hao, Xu, Zhe, Lam, Kyle, Yuan, Wu
Natura: Preprint
Pubblicazione: 2025
Soggetti:
Accesso online:https://arxiv.org/abs/2504.03759
Tags: Aggiungi Tag
Nessun Tag, puoi essere il primo ad aggiungerne!!
_version_ 1866916674849996800
author Qiu, Jianing
Li, Lin
Sun, Jiankai
Wei, Hao
Xu, Zhe
Lam, Kyle
Yuan, Wu
author_facet Qiu, Jianing
Li, Lin
Sun, Jiankai
Wei, Hao
Xu, Zhe
Lam, Kyle
Yuan, Wu
contents Large language models (LLMs)-powered AI agents exhibit a high level of autonomy in addressing medical and healthcare challenges. With the ability to access various tools, they can operate within an open-ended action space. However, with the increase in autonomy and ability, unforeseen risks also arise. In this work, we investigated one particular risk, i.e., cyber attack vulnerability of medical AI agents, as agents have access to the Internet through web browsing tools. We revealed that through adversarial prompts embedded on webpages, cyberattackers can: i) inject false information into the agent's response; ii) they can force the agent to manipulate recommendation (e.g., healthcare products and services); iii) the attacker can also steal historical conversations between the user and agent, resulting in the leak of sensitive/private medical information; iv) furthermore, the targeted agent can also cause a computer system hijack by returning a malicious URL in its response. Different backbone LLMs were examined, and we found such cyber attacks can succeed in agents powered by most mainstream LLMs, with the reasoning models such as DeepSeek-R1 being the most vulnerable.
format Preprint
id arxiv_https___arxiv_org_abs_2504_03759
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Emerging Cyber Attack Risks of Medical AI Agents
Qiu, Jianing
Li, Lin
Sun, Jiankai
Wei, Hao
Xu, Zhe
Lam, Kyle
Yuan, Wu
Cryptography and Security
Artificial Intelligence
Large language models (LLMs)-powered AI agents exhibit a high level of autonomy in addressing medical and healthcare challenges. With the ability to access various tools, they can operate within an open-ended action space. However, with the increase in autonomy and ability, unforeseen risks also arise. In this work, we investigated one particular risk, i.e., cyber attack vulnerability of medical AI agents, as agents have access to the Internet through web browsing tools. We revealed that through adversarial prompts embedded on webpages, cyberattackers can: i) inject false information into the agent's response; ii) they can force the agent to manipulate recommendation (e.g., healthcare products and services); iii) the attacker can also steal historical conversations between the user and agent, resulting in the leak of sensitive/private medical information; iv) furthermore, the targeted agent can also cause a computer system hijack by returning a malicious URL in its response. Different backbone LLMs were examined, and we found such cyber attacks can succeed in agents powered by most mainstream LLMs, with the reasoning models such as DeepSeek-R1 being the most vulnerable.
title Emerging Cyber Attack Risks of Medical AI Agents
topic Cryptography and Security
Artificial Intelligence
url https://arxiv.org/abs/2504.03759