Why it matters
Agents can email, spend, act on infrastructure. Hijacked agents cause real damage. Understanding matters for agent security.
Advertisement
The architecture
Tool response injection: attacker controls a service the agent calls; injects instructions in response.
Memory poisoning: attacker plants facts in agent's memory that alter future decisions.
Advertisement
How it works end to end
Session manipulation: exploit auth or session handling to inject into ongoing agent conversation.
Chained agents: hijacked sub-agent affects parent's decisions.
Defenses: sandbox tools, treat responses as untrusted, validate memory writes, structural policies on agent actions.