pith. machine review for the scientific record. sign in

Attractive metadata attack: Inducing LLM agents to invoke malicious tools

Kanghua Mo, Li Hu, Yucheng Long, Zhihao Li · 2025 · arXiv 2508.02110

4 Pith papers cite this work. Polarity classification is still indexing.

4 Pith papers citing it
read on arXiv browse 4 citing papers

fields

cs.AI 2 cs.CR 1 cs.MA 1

years

2026 4

verdicts

UNVERDICTED 3 CONDITIONAL 1

representative citing papers

Five Attacks on x402 Agentic Payment Protocol

cs.CR · 2026-05-12 · conditional · novelty 7.0

Five practical attacks on the x402 agentic payment protocol are demonstrated across authorization, binding, replay protection, and web handling, validated on local chains, Base Sepolia, live endpoints, and three open-source SDKs.

Conjunctive Prompt Attacks in Multi-Agent LLM Systems

cs.MA · 2026-04-17 · unverdicted · novelty 7.0

Conjunctive prompt attacks split adversarial elements across agents and routing paths in multi-agent LLM systems, evading isolated defenses and succeeding through topology-aware optimization.

How Adversarial Environments Mislead Agentic AI?

cs.AI · 2026-04-20 · unverdicted · novelty 6.0

Adversarial compromise of tool outputs misleads agentic AI via breadth and depth attacks, revealing that epistemic and navigational robustness are distinct and often trade off against each other.

citing papers explorer

Showing 4 of 4 citing papers.

  • Five Attacks on x402 Agentic Payment Protocol cs.CR · 2026-05-12 · conditional · none · ref 18

    Five practical attacks on the x402 agentic payment protocol are demonstrated across authorization, binding, replay protection, and web handling, validated on local chains, Base Sepolia, live endpoints, and three open-source SDKs.

  • Conjunctive Prompt Attacks in Multi-Agent LLM Systems cs.MA · 2026-04-17 · unverdicted · none · ref 28

    Conjunctive prompt attacks split adversarial elements across agents and routing paths in multi-agent LLM systems, evading isolated defenses and succeeding through topology-aware optimization.

  • ShieldNet: Network-Level Guardrails against Emerging Supply-Chain Injections in Agentic Systems cs.AI · 2026-04-06 · unverdicted · none · ref 2

    ShieldNet detects supply-chain poisoned tools in LLM agents by monitoring network interactions with a MITM proxy and lightweight classifier, reaching 0.995 F1 and 0.8% false positives on a new benchmark of 25+ attack types.

  • How Adversarial Environments Mislead Agentic AI? cs.AI · 2026-04-20 · unverdicted · none · ref 42

    Adversarial compromise of tool outputs misleads agentic AI via breadth and depth attacks, revealing that epistemic and navigational robustness are distinct and often trade off against each other.