Zhenlin Xu

LLM agents are shockingly susceptible to memory manipulation, with over 90% of trials vulnerable to attacks that force unintended tool usage and persistent behavioral deviations.