PraisonAI Has Sandbox Escape via shell=True and Bypassable Blocklist

PraisonAI: Shell Injection in run_python() via Unescaped $() Substitution

ClawSafety: "Safe" LLMs, Unsafe Agents

like OpenClaw run with elevated privileges on users' local machines, where a single successful prompt injection can leak credentials, redirect financial transactions, or destroy files. This threat goes well beyond

OpenClaw has Sandbox Media Root Bypass via Unnormalized `mediaUrl` / `fileUrl

Crossing the NL/PL Divide: Information Flow Analysis Across the NL/PL Boundary in LLM-Integrated Code

expert-annotated pairs, with cross-language validation on six real-world OpenClaw prompt injection cases further confirming effectiveness; (2)~taxonomy-informed backward slicing reduces slice size by a mean

Evaluating Privilege Usage of Agents on Real-World Tools

allows LLM agents to invoke genuine privileges, enabling the evaluation of privilege usage under prompt injection attacks. Our results indicate that while LLMs exhibit basic security awareness and can block

@mobilenext/mobile-mcp alllows arbitrary file write via Path Traversal in mobile

Claudini: Autoresearch Discovers State-of-the-Art Adversarial Attack Algorithms for LLMs

attack \textit{algorithms} that \textbf{significantly outperform all existing (30+) methods} in jailbreaking and prompt injection evaluations. Starting from existing attack implementations, such as GCG~\citep{zou2023universal}, the agent iterates

SecureBreak -- A dataset towards safe and secure models

growing body of scientific literature showing that attacks, such as jailbreaking and prompt injection, can bypass existing security alignment mechanisms. As a consequence, additional security strategies are needed both

The production of meaning in the processing of natural language

word order, and discuss the information-theoretic constraints that genuine contextuality imposes on prompt injection defenses and its human analogue, whereby careful construction and maintenance of social contextuality

Caging the Agents: A Zero Trust Security Architecture for Autonomous AI in Healthcare

instructions, sensitive information disclosure, identity spoofing, cross-agent propagation of unsafe practices, and indirect prompt injection through external resources [7]. In healthcare environments processing Protected Health Information, every such vulnerability

MCP-38: A Comprehensive Threat Taxonomy for Model Context Protocol Systems (v1.0)

addresses critical threats arising from MCP's semantic attack surface (tool description poisoning, indirect prompt injection, parasitic tool chaining, and dynamic trust violations), none of which are adequately captured

CoMAI: A Collaborative Multi-Agent Framework for Robust and Equitable Interview Evaluation

scoring, and summarization. These agents work collaboratively to provide multi-layered security defenses against prompt injection, support multidimensional evaluation with adaptive difficulty adjustment, and enable rubric-based structured scoring that

Security Considerations for Artificial Intelligence Agents

across tools, connectors, hosting boundaries, and multi-agent coordination, with particular emphasis on indirect prompt injection, confused-deputy behavior, and cascading failures in long-running workflows. We then assess current

Taming OpenClaw: Security Analysis and Mitigation of Autonomous LLM Agent Threats

execution, and systematically examine compound threats across the agent's operational lifecycle, including indirect prompt injection, skill supply chain contamination, memory poisoning, and intent drift. Through detailed case studies

Follow the Saliency: Supervised Saliency for Retrieval-augmented Dense Video Captioning

that drives retrieval via saliency-guided segmentation and informs caption generation through explicit Saliency Prompts injected into the decoder. By enforcing saliency-constrained segmentation, our method produces temporally coherent segments

Compatibility at a Cost: Systematic Discovery and Exploitation of MCP Clause-Compliance Vulnerabilities

attack surface that allows adversaries to achieve multiple attacks (e.g, silent prompt injection, DoS, etc.), named as \emph{compatibility-abusing attacks}. In this work, we present the first systematic framework

VoiceSHIELD-Small: Real-Time Malicious Speech Detection and Transcription

people to interact with AI systems. This also brings new security risks, such as prompt injection, social engineering, and harmful voice commands. Traditional security methods rely on converting speech

Beyond Input Guardrails: Reconstructing Cross-Agent Semantic Flows for Execution-Aware Attack Detection

autonomous execution and unstructured inter-agent communication introduces severe risks, such as indirect prompt injection, that easily circumvent conventional input guardrails. To address this, we propose \SysName, a framework that

Goal-Driven Risk Assessment for LLM-Powered Systems: A Healthcare Case Study

challenges emerge due to the potential cyber kill chain cycles that combine adversarial model, prompt injection and conventional cyber attacks. Threat modeling methods enable the system designers to identify potential