FlagThis

Abstract

This talk examines the expanded attack surface introduced by AI agents—LLMs capable of autonomous action (e.g., browsing, shell access, file manipulation). The speaker demonstrates how "Indirect Prompt Injection" allows attackers to embed malicious instructions within untrusted data sources, such as PDFs or emails, to bypass guardrails and exfiltrate sensitive data. The session provides a technical breakdown of the AI agent "planner loop" and offers actionable defense strategies to mitigate these vulnerabilities.