From Prompt Injection to Persistent Control: Defending Agentic Harness Against Trojan Backdoors
PRODUCT_LAUNCH 2026-06-01 Impact: MEDIUM
arXiv:2605.31042v1 Announce Type: cross

Abstract: LLM agents are evolving from conversational chatbots into operational tools in real-world workspaces. In a local agentic harness, an LLM can read and write files, call tools, and reuse workspace state across sessions. These capabilities increase utility, but they also expose a new attack surface: anything the agent reads, writes or persists becomes a channel through which untrusted content can reach the model and survive beyond a single session. Attackers can embed a prompt injection with