💉 Prompt Injection (severity: CRITICAL)
Injecting malicious instructions into AI context windows to override system prompts and fully hijack agent behavior.

🕸️ Multi-Agent Exploitation (severity: CRITICAL)
Poisoning parent-to-subagent delegation messages to bypass restrictions that are enforced only at the subagent level.

🎯 Goal Hijacking (severity: HIGH)
Redirecting AI agents away from their intended purpose to perform unauthorized tasks through social engineering.

👤 Session Spoofing (severity: CRITICAL)
Manipulating AI agents into believing they serve a different authenticated user, exposing private data across accounts.

📄 Fake Document Injection (severity: HIGH)
Crafting counterfeit policy documents that appear to be retrieved content and that AI agents treat as authoritative sources of truth.

🔍 Capability Discovery (severity: MEDIUM)
Extracting hidden tool names, function signatures, and internal architecture from AI agents through creative framing of requests.