Search papers, labs, and topics across Lattice.
This paper conducts a comprehensive security analysis of widely used agentic systems in offensive security, revealing critical design flaws that allow adversaries to exfiltrate sensitive information and compromise operators' machines. The authors introduce a detailed cyber kill chain specific to these systems, outlining the stages from initial manipulation to successful attacks, even within sandboxed environments. Key findings highlight the urgent need for improved architectural designs and actionable principles to enhance the security of agentic tools against these vulnerabilities.
Agentic systems used in offensive security are riddled with vulnerabilities that can lead to complete operational compromise, even in controlled environments.
The use of agentic systems to perform offensive security operations has moved from a theoretical possibility to a commoditized capability. However, while the community has focused on creating more and more capable agents, less attention has been allocated to assessing the security of those systems. In this work, we present the first in-depth security analysis of the most widely used agentic systems for offensive security operations. We show that most of these tools share common design flaws that enable an active adversary to exfiltrate API keys, establish persistent footholds, and fully compromise the operator's machine, even when the agent operates inside a sandboxed container. To support our analysis, we introduce a full cyber kill chain for such agentic systems, capturing the progression from initial LLM manipulation to lateral movement, persistence, guardrail bypass, and sandbox escape. Building on our security analysis, we derive a robust architecture for agentic offensive-security tools and propose actionable, broadly applicable design principles that mitigate the disclosed attack paths at the architectural level.