Record summary
A quick snapshot of what this page covers.
Attack context
How this AI attack works in practice.
Adversaries may extract call chains from AI agent configurations, which can reveal potential targets for remote code execution (RCE) or other vulnerabilities. Vulnerable call chains often connect user inputs or LLM outputs to an execution sink (e.g. exec, eval, os.popen). The vulnerabilities may later be exploited via LLM Prompt Injection.
Adversaries may systematically identify potentially vulnerable call chains present in LLM frameworks, then scan for applications that are configured to use these call chains for targeting [1].
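The call chains described above are the same ones a defender should find first. The following is an added example (not ATLAS tooling and not the LLMSmith scanner from the cited work): a small intra-procedural AST audit for Python tool code that reports any function whose parameter reaches one of the execution sinks the page names (exec, eval, os.popen) through simple assignments, string concatenation or f-strings. The sink list, the sample agent code, and the function names in it are constructed for this example; it does not follow data flow across function boundaries or through containers, so treat a clean result as a starting point, not a guarantee.

```python
"""Audit Python agent/tool code for call chains that carry a function
parameter into an execution sink.  Added example, intra-procedural only."""
import ast

# Sinks named on the page; constructed starting list, extend for your codebase.
SINKS = {"exec", "eval", "os.popen"}


def _call_name(call):
    """Return 'name' or 'module.attr' for a call's callee, else None."""
    f = call.func
    if isinstance(f, ast.Name):
        return f.id
    if isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name):
        return f"{f.value.id}.{f.attr}"
    return None


def _in_order(node):
    """Pre-order, source-ordered traversal. ast.walk is breadth-first, which
    would let a later assignment taint a sink call that precedes it."""
    for child in ast.iter_child_nodes(node):
        yield child
        yield from _in_order(child)


def _names(node):
    """All bare variable names referenced inside an expression."""
    return {n.id for n in ast.walk(node) if isinstance(n, ast.Name)}


def find_sink_chains(source):
    """Return findings as dicts with keys function, parameter, sink, line.

    A finding means a value derived from a parameter (via assignments,
    concatenation, f-strings or nested calls) is passed to a sink within
    the same function body."""
    findings = []
    for fn in ast.walk(ast.parse(source)):
        if not isinstance(fn, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        params = [a.arg for a in fn.args.args + fn.args.kwonlyargs]
        # variable name -> parameter it was derived from
        tainted = {p: p for p in params}
        for node in _in_order(fn):
            if (isinstance(node, ast.Assign) and len(node.targets) == 1
                    and isinstance(node.targets[0], ast.Name)):
                target = node.targets[0].id
                sources = _names(node.value) & set(tainted)
                if sources:
                    tainted[target] = tainted[sorted(sources)[0]]
                else:
                    # overwritten with a value not derived from a parameter
                    tainted.pop(target, None)
            elif isinstance(node, ast.Call) and _call_name(node) in SINKS:
                for arg in node.args:
                    hit = _names(arg) & set(tainted)
                    if hit:
                        findings.append({"function": fn.name,
                                         "parameter": tainted[sorted(hit)[0]],
                                         "sink": _call_name(node),
                                         "line": node.lineno})
                        break
    return findings


# Constructed sample of agent tool code; function names are hypothetical.
SAMPLE_AGENT_CODE = '''\
import os

def run_shell_tool(llm_output):
    # LLM text is interpolated into a command and executed
    cmd = "python -c " + llm_output
    return os.popen(cmd).read()

def calculator_tool(expression):
    return eval(expression)

def status_tool(choice):
    actions = {"disk": disk_status, "mem": mem_status}
    return actions[choice]()
'''

if __name__ == "__main__":
    for f in find_sink_chains(SAMPLE_AGENT_CODE):
        print(f"{f['function']}: parameter {f['parameter']} reaches "
              f"{f['sink']} at line {f['line']}")
```

In the sample, the two tools that hand LLM-derived text to os.popen and eval are reported, while the tool that dispatches through a fixed dictionary of callables is not, which is the pattern to prefer: map model output onto an allowlisted set of functions instead of evaluating it.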
References
- ATLAS ID: AML.T0084.003
- Priority score: 90
Mitigations
Defenses that may help against this attack.
Case studies
Examples from public reports and exercises.
LLMSmith: RCE Vulnerabilities in LLM-Integrated Applications
Researchers identified 20 remote code execution (RCE) vulnerabilities across 11 different LLM frameworks. They discovered applications deployed on the public internet built using these LLM frameworks and demonstrated the RCE vulnerabilities could be exploited using prompt injection.
The 11 LLM frameworks the researchers evaluated were: LangChain, LlamaIndex, Pandas-ai, Langflow, Pandas-llm, Auto-GPT, Griptape, Lagent, MetaGPT, vanna, and langroid.