Chaowei Xiao

Current benchmarks mislead on the security of AI agents against indirect prompt injection; robust defenses require dynamic replanning, constrained LLM-based security checks, and human interaction.