Yiruo Cheng

LLM agents are shockingly vulnerable to multi-stage "trojan" attacks that inject malicious instructions into their workspace, achieving near-perfect success rates where standard prompt injection defenses fail.