Researchers from the Polish Academy of Information Technology have studied the security risks of LLM-based browser agents. The study provides a comprehensive threat model and identifies several serious classes of security problem, including prompt injection, bypass of domain restrictions, and data exfiltration.
Through an in-depth analysis of the well-known open source project Browser Use, they show how unprotected web content can subvert the agent's behaviour and lead to serious security breaches. To counter these threats, the researchers propose a multi-layer security strategy that includes input sanitisation, isolation between planning and execution, formal security analysis, and session monitoring, so as to protect against both the initial attack and any subsequent exploitation.
- LLM-based AI agents are used to automate complex web tasks, but their reliance on dynamic web content and user data exposes them to large-scale attacks.
- Prompt injection is a critical weakness: malicious content manipulates the agent's behaviour and can lead to data leakage or unintended actions.
- Browser Use, an open source agent, was identified as particularly vulnerable to prompt injection and as lacking domain validation, which allows the agent to be hijacked and to navigate to unauthorised sites.
- The study examines techniques such as input sanitisation, automatic text rewriting, LLM-based detection of malicious content, and architectural isolation between the planning and execution components as defences against initial attacks.
- Browser Use suffers from a critical deficiency in domain validation, which allows attackers to bypass security restrictions by manipulating the URL structure.
- Prompt injection in Browser Use enables the exfiltration of sensitive data by injecting malicious instructions into the HTML content that the agent reads.
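The two Browser Use findings above (weak domain validation, and exfiltration driven by injected page content) both come down to where the agent decides whether a navigation is allowed. The following is an added illustration, not code from the paper or from the Browser Use project: it places a naive allow-list check, which matches the allowed domain as a plain substring of the URL, beside a hardened check that parses the URL and compares the host exactly. The executor-side gate at the end shows the planning/execution split the researchers recommend, with every requested navigation recorded for session monitoring. The allow-list, the URLs, and all function names are constructed for this example.

```python
"""Domain allow-listing for a browser agent: naive check beside a hardened one.

Added illustration; not code from the paper or any browser-agent project.
ALLOWED_HOSTS and the sample URLs below are constructed for this example.
"""
from urllib.parse import urlsplit

# Constructed allow-list: the agent may only visit this domain and its subdomains.
ALLOWED_HOSTS = {"example.com"}


def naive_is_allowed(url: str) -> bool:
    """Weak check: substring match on the raw URL string.

    Any URL that merely *contains* an allowed domain passes, so the host
    part of the URL is never actually examined.
    """
    return any(host in url for host in ALLOWED_HOSTS)


def hardened_is_allowed(url: str, allowed=ALLOWED_HOSTS) -> bool:
    """Parse the URL and compare the host itself against the allow-list.

    Rejects non-web schemes, URLs carrying credentials in the authority part
    (user@host), empty hosts, and any host that is neither an allowed domain
    nor a labelled subdomain of one. Host comparison is case-insensitive and
    ignores a trailing dot.
    """
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    if parts.scheme not in ("http", "https"):
        return False
    if parts.username is not None or parts.password is not None:
        return False
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return False
    return any(host == a or host.endswith("." + a) for a in allowed)


def gate_navigation(url: str, audit_log: list) -> bool:
    """Executor-side gate between the planner and the browser.

    The planner (which consumes untrusted page text) only *requests* a
    navigation; the executor decides with the hardened check and appends
    every decision to audit_log so a session monitor can flag an agent that
    repeatedly tries to leave the allowed domains, e.g. after reading an
    injected instruction.
    """
    ok = hardened_is_allowed(url)
    audit_log.append({"url": url, "allowed": ok})
    return ok


def compare(urls):
    """Return {url: (naive_result, hardened_result)} for the given URLs."""
    return {u: (naive_is_allowed(u), hardened_is_allowed(u)) for u in urls}


# Constructed sample URLs covering the cases a practitioner should test.
SAMPLE_URLS = [
    "https://example.com/page",                      # legitimate
    "https://docs.example.com/",                     # legitimate subdomain
    "https://EXAMPLE.COM./x",                        # case and trailing dot
    "https://example.com.attacker.test/",            # allowed name as a prefix label
    "https://notexample.com/",                       # allowed name as a suffix
    "https://attacker.test/?next=https://example.com",  # allowed name in query
    "https://example.com@attacker.test/",            # allowed name as userinfo
    "ftp://example.com/",                            # wrong scheme
]

if __name__ == "__main__":
    for url, (naive, hardened) in compare(SAMPLE_URLS).items():
        print(f"{url:55} naive={naive!s:5} hardened={hardened!s:5}")
    log = []
    gate_navigation("https://attacker.test/?next=https://example.com", log)
    print("audit:", log)
```

Running the block prints one line per sample URL; the naive check accepts every URL that contains the string `example.com`, including the prefix-label, suffix, query-string, userinfo and scheme cases, while the hardened check accepts only the three legitimate forms. The audit entries from `gate_navigation` are what a session monitor would consume.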