Exploiting LLM Agent Supply Chains via Payload-Less Skills
9 hours ago
- #Autonomous Agents
- #LLM Security
- #Supply Chain Attack
- Introduces Semantic Compliance Hijacking (SCH), a payload-less supply chain attack that uses natural language instructions to make LLM agents generate and execute unauthorized code.
- Current security scanning tools fail to detect SCH because it lacks explicit code payloads and harmful AST signatures, achieving a 0.00% detection rate.
- The attack was tested across three agent frameworks and three foundation models, with peak success rates of 77.67% for confidentiality breaches and 67.33% for RCE.
- Multi-Skill Automated Optimization (MS-AO) further enhances the attack's effectiveness.
- Highlights the need to move from signature-based detection to semantic intent validation in LLM agent supply chains.