Jiejun Tan

LLM agents are shockingly vulnerable to multi-stage "trojan" attacks that inject malicious instructions into their workspace, achieving near-perfect success rates where standard prompt injection defenses fail.

LLMs can now recall relevant information from long interaction histories without retraining, thanks to a state-adaptive memory framework that uses lightweight cues to reconstruct distant information on demand.