agent-command-injectionescapes the sandbox using path traversal and chained shell commands.agent-credential-thefttricks the agent into revealing API keys or secrets it can access.agent-data-destructiondrives the agent to delete or wipe data.xpia-documenthides instructions inside a document so the agent runs them when it reads the file.xpia-emailplants commands in an email the agent processes.
Attack Strategies
Agent Exploitation: Attack Strategy
These attacks target AI agents that can use tools, run commands, read files, or call services. The goal is to make the agent do harmful actions in the real
What it is: These attacks target AI agents that can use tools, run commands, read files, or call services. The goal is to make the agent do harmful actions in the real systems it controls.
How the attacks work: The attacker abuses the agent’s tools or hides instructions in content the agent reads. A poisoned email, document, or web page can carry commands the agent follows as if they came from the user.
Real examples from the framework: