| Main Authors: | Liu, Shi; Tang, Xuehai; Yang, Xikang; Lin, Liang; Zhou, Biyu; Xiao, Wenjie; Liu, Wantao |
|---|---|
| Format: | Preprint |
| Published: | 2026 |
| Online Access: | https://arxiv.org/abs/2605.24069 |
Similar Items
- RouteGuard: Internal-Signal Detection of Skill Poisoning in LLM Agents
  by: Xiao, Wenjie, et al.
  Published: (2026)
- Chain of Attack: a Semantic-Driven Contextual Multi-Turn attacker for LLM
  by: Yang, Xikang, et al.
  Published: (2024)
- MCPTox: A Benchmark for Tool Poisoning Attack on Real-World MCP Servers
  by: Wang, Zhiqiang, et al.
  Published: (2025)
- When MCP Servers Attack: Taxonomy, Feasibility, and Mitigation
  by: Zhao, Weibo, et al.
  Published: (2025)
- MCP Security Bench (MSB): Benchmarking Attacks Against Model Context Protocol in LLM Agents
  by: Zhang, Dongsen, et al.
  Published: (2025)
- MCP-ITP: An Automated Framework for Implicit Tool Poisoning in MCP
  by: Li, Ruiqi, et al.
  Published: (2026)
- Transferable Availability Poisoning Attacks
  by: Liu, Yiyong, et al.
  Published: (2023)
- Sharpness-Aware Data Poisoning Attack
  by: He, Pengfei, et al.
  Published: (2023)
- LoopTrap: Termination Poisoning Attacks on LLM Agents
  by: Xu, Huiyu, et al.
  Published: (2026)
- Poisoned-MRAG: Knowledge Poisoning Attacks to Multimodal Retrieval Augmented Generation
  by: Liu, Yinuo, et al.
  Published: (2025)
- IndirectAD: Practical Data Poisoning Attacks against Recommender Systems for Item Promotion
  by: Wang, Zihao, et al.
  Published: (2025)
- Human-Imperceptible Retrieval Poisoning Attacks in LLM-Powered Applications
  by: Zhang, Quan, et al.
  Published: (2024)
- When Skills Lie: Hidden-Comment Injection in LLM Agents
  by: Wang, Qianli, et al.
  Published: (2026)
- Memory Poisoning Attack and Defense on Memory Based LLM-Agents
  by: Sunil, Balachandra Devarangadi, et al.
  Published: (2026)
- BadSkill: Backdoor Attacks on Agent Skills via Model-in-Skill Poisoning
  by: Tie, Guiyao, et al.
  Published: (2026)
- Privacy in Action: Towards Realistic Privacy Mitigation and Evaluation for LLM-Powered Agents
  by: Wang, Shouju, et al.
  Published: (2025)
- Poisoning the Pixels: Revisiting Backdoor Attacks on Semantic Segmentation
  by: Zhang, Guangsheng, et al.
  Published: (2026)
- Benchmarking Poisoning Attacks against Retrieval-Augmented Generation
  by: Zhang, Baolei, et al.
  Published: (2025)
- When Scanners Lie: Evaluator Instability in LLM Red-Teaming
  by: Erez, Lidor, et al.
  Published: (2026)
- RLCracker: Evaluating the Worst-Case Vulnerability of LLM Watermarks with Adaptive RL Attacks
  by: Huang, Hanbo, et al.
  Published: (2025)
- Supply-Chain Poisoning Attacks Against LLM Coding Agent Skill Ecosystems
  by: Qu, Yubin, et al.
  Published: (2026)
- When and Where do Data Poisons Attack Textual Inversion?
  by: Styborski, Jeremy, et al.
  Published: (2025)
- Poisoning Attacks to Local Differential Privacy for Ranking Estimation
  by: Zhan, Pei, et al.
  Published: (2025)
- Prompt Injection Attack to Tool Selection in LLM Agents
  by: Shi, Jiawen, et al.
  Published: (2025)
- AgentPoison: Red-teaming LLM Agents via Poisoning Memory or Knowledge Bases
  by: Chen, Zhaorun, et al.
  Published: (2024)
- When Alignment Isn't Enough: Response-Path Attacks on LLM Agents
  by: Luo, Mingyu, et al.
  Published: (2026)
- PoisonCatcher: Revealing and Identifying LDP Poisoning Attacks in IIoT
  by: Shuai, Lisha, et al.
  Published: (2024)
- Provable Watermarking for Data Poisoning Attacks
  by: Zhu, Yifan, et al.
  Published: (2025)
- SoK: Benchmarking Poisoning Attacks and Defenses in Federated Learning
  by: Zhang, Heyi, et al.
  Published: (2025)
- Reasoning-Style Poisoning of LLM Agents via Stealthy Style Transfer: Process-Level Attacks and Runtime Monitoring in RSV Space
  by: Zhou, Xingfu, et al.
  Published: (2025)
- Poison Once, Exploit Forever: Environment-Injected Memory Poisoning Attacks on Web Agents
  by: Zou, Wei, et al.
  Published: (2026)
- PIDP-Attack: Combining Prompt Injection with Database Poisoning Attacks on Retrieval-Augmented Generation Systems
  by: Wang, Haozhen, et al.
  Published: (2026)
- MCP Pitfall Lab: Exposing Developer Pitfalls in MCP Tool Server Security under Multi-Vector Attacks
  by: Hao, Run, et al.
  Published: (2026)
- Red-Teaming LLM Multi-Agent Systems via Communication Attacks
  by: He, Pengfei, et al.
  Published: (2025)
- MindGuard: Intrinsic Decision Inspection for Securing LLM Agents Against Metadata Poisoning
  by: Wang, Zhiqiang, et al.
  Published: (2025)
- Coordinated Position Falsification Attacks and Countermeasures for Location-Based Services
  by: Liu, Wenjie, et al.
  Published: (2025)
- Activation Gradient based Poisoned Sample Detection Against Backdoor Attacks
  by: Yuan, Danni, et al.
  Published: (2023)
- MalURLBench: A Benchmark Evaluating Agents' Vulnerabilities When Processing Web URLs
  by: Kong, Dezhang, et al.
  Published: (2026)
- Defending Against Neural Network Model Inversion Attacks via Data Poisoning
  by: Zhou, Shuai, et al.
  Published: (2024)
- CI-Work: Benchmarking Contextual Integrity in Enterprise LLM Agents
  by: Fu, Wenjie, et al.
  Published: (2026)