Prompt-injection attacks remain one of the most persistent failure modes for production LLM agents, with public exploit galleries growing roughly 38% year-over-year. We investigate whether internal hidden-state activations carry a residual signature when an instruction in retrieved or tool-returned content overrides the developer's system prompt.
LLM-as-judge evaluation has become a default in benchmark construction, RLAIF, and agent leaderboards. We systematically probe the robustness of seven judge configurations against six adversary classes, ranging from prompt-injection in the candidate response to imperceptible suffix attacks tuned via gradient-free search.
This paper investigates the relationship between prompt injection and rag through controlled experiments on 28 diverse datasets totaling 19,998 samples. We propose a novel methodology that achieves 8.
Prompt injection is a critical LLM security vulnerability. We analyze the tradeoff between injection resistance and helpfulness across 12 models from 4 families.
Most AI-agent security today is exogenous: we scan skills, filter prompts, isolate sandboxes, and monitor outputs. These defenses matter, but they do not teach the agent itself how to recognize danger.
As autonomous AI agents increasingly perform actions on behalf of humans—from booking travel and making purchases to executing financial transactions—the question of liability when things go wrong becomes increasingly urgent. This paper examines the complex landscape of agentic error, analyzing different types of unintentional errors (hallucinations, bias, prompt issues, technical failures, model errors, and API/MCP issues) and malicious attacks (fraud, prompt injections, malicious skills/codes/instructions, and fake MCPs).