I just watched Agentic ProbLLMs: Exploiting AI Computer-Use and Coding Agents by Johann Rehberger at #39c3. He shows quite impressively what the future threat model looks like as more AI agents are deployed.
In his talk he demos a couple of attacks that were carried out using agents. I don’t want to summarize the talk here (you might want to read the heise online article instead), but it goes way beyond “simple prompt injection”!
But my biggest “aha” moment was the statement that you should treat an agent as a malicious insider. That is probably the worst scenario you could have to deal with. Usually you would like to trust your co-workers and not treat them as if they could stab you in the back while smiling at you.
Anyway, I’m pretty sure the technology will evolve in more secure directions. But it will also remain a new attack vector in the future. I’d recommend checking it out!
https://media.ccc.de/v/39c3-agentic-probllms-exploiting-ai-computer-use-and-coding-agents
PS: I’d embed it here, but that obviously requires some CSS / WordPress theme magic …
Related links:
- 39C3: Power Cycles – media.ccc.de (all videos)