From Prompt Injections to Protocol Exploits: Threats in LLM-Powered Systems

This peer-reviewed paper surveys security threats in LLM-powered systems, focusing on attack types such as prompt leaking, prompt injection, and broader protocol exploits that can impact data confidentiality and system integrity.[8] Using frameworks like PromptInject, the authors examine how sensitive information can be exposed or manipulated through LLM interactions and recommend systematic testing and hardening approaches for organizations deploying LLMs and AI agents.[8]

According to the article, LLM-powered systems are exposed to a spectrum of interaction-level threats including prompt leaking, direct and indirect prompt injection, and protocol or tool-use exploits that can compromise confidentiality and system integrity.[3][4][5][8] The paper uses frameworks such as PromptInject to systematically test how attacker-crafted inputs can override system instructions, exfiltrate hidden prompts or sensitive data, and manipulate AI agents’ workflows.[3][4][8] From a CyberSE.AI perspective, this implies organizations need secure-by-design agent architectures, rigorous business-logic review for tool and protocol invocation paths, and continuous red teaming to detect and harden against evolving prompt injection and protocol-abuse patterns before they lead to data leakage or unauthorized actions.[1][3][4][5] Implementing structured input/output controls, least-privilege tooling for agents, and ongoing adversarial testing materially reduces the blast radius of these interaction-centric LLM threats.[1][3][4]