BSides London 2026 · 2026-04 · 45 min
Attacking LLM Agents in Production
Three production-viable attack chains against LLM agents with external tool access, with a walkthrough of how an indirect prompt injection escalates into data exfiltration.
Slides (forthcoming) · Recording (forthcoming) · Demo Repo (forthcoming)
This talk covers the practical exploitation of LLM agents hooked into enterprise APIs.
The Attack Chains
We walked through three distinct scenarios during the presentation.
- Cross-Plugin Request Forgery (CPRF)
- Data Exfiltration via Markdown Images
- Indirect Prompt Injection leading to RCE
WARNING
The demo environment used live models; your reproduction results may vary depending on model updates.