ArXivCSExplorer
☆☆Bookmarks🏆RSSHow to UseFAQ
Built with and by Teycir Ben Soltane•
How to Use•FAQ•GitHub•arXiv.org•
Share:

~ similar to 2603.25393v1· 20 results

cs.CRcs.AIcs.SERecentMay 15, 2026

Detecting Privilege Escalation in Polyglot Microservices via Agentic Program Analysis

Penghui Li, Hong Yau Chong, Yinzhi Cao, Junfeng Yang

The paper introduces Neo, an agentic program analysis framework that successfully detects zero-day privilege escalation vulnerabilities in complex, polyglot microservices by combining LLMs with advanc…

View →
cs.CRcs.AIRecentMay 14, 2026

Do Coding Agents Understand Least-Privilege Authorization?

Zheng Yan, Jingxiang Weng, Charles Chen, Dengyun Peng +8 more

The paper introduces a new benchmark and decomposition method, Sufficiency-Tightness Decomposition, demonstrating that current coding agents struggle to accurately infer least-privilege authorization,…

View →
cs.CRcs.DCRecentMar 20, 2026

Kumo: A Security-Focused Serverless Cloud Simulator

Wei Shao, Khaled Khasawneh, Setareh Rafatirad, Houman Homayoun +1 more

The paper introduces Kumo, a novel security-focused simulator that enables controlled analysis of resource sharing and scheduling risks in serverless cloud environments, demonstrating that scheduler c…

View →
cs.CRcs.AIRecentMay 18, 2026

Prompts Don't Protect: Architectural Enforcement via MCP Proxy for LLM Tool Access Control

Rohith Uppala

The paper proposes an architectural proxy (MCP) to enforce robust, reliable tool access control for LLM agents, demonstrating that this structural enforcement is necessary because prompt-based restric…

View →
cs.CRcs.OSRecentMay 27, 2026

A Secure, Manifest-Based Framework for Delegated Privilege Promotion

Rajarshi Chowdhury, Akshay Shah

The paper introduces a secure, manifest-based framework that allows unprivileged processes to safely update and promote narrowly scoped privileged software components without requiring full administra…

View →
cs.CRRecentJun 3, 2026

PS-UIE: Privilege-Separated Integrity Enforcement for User-Space Executable Objects in Confidential VMs

Jingkai Mao, Xiaolin Chang

PS-UIE proposes a privilege-separated architecture to continuously enforce the integrity of file-backed user-space executable objects within Confidential Virtual Machines (CVMs) like AMD SEV-SNP.

View →
cs.CRcs.AIRecentMay 26, 2026

ChainCaps: Composition-Safe Tool-Using Agents via Monotonic Capability Attenuation

Xiaochong Jiang, Shiqi Yang, Ziwei Li, Lifei Liu +2 more

ChainCaps introduces a novel runtime capability budgeting system that prevents 'permission laundering' in complex tool-using agents, significantly reducing attack success rates while maintaining benig…

View →
cs.CRcs.AIcs.SERecentMay 12, 2026

Options, Not Clicks: Lattice Refinement for Consent-Driven MCP Authorization

Ying Li, Yanju Chen, Peiran Wang, Issac Khabra +3 more

The paper introduces Conleash, a client-side middleware that uses a risk lattice to enforce granular, boundary-scoped authorization for tool invocations, significantly improving user consent and secur…

View →
cs.CRcs.AIRecentMay 10, 2026

Security Risks in Tool-Enabled AI Agents: A Systematic Analysis of Privileged Execution Environments

Hardik Goel

This paper systematically analyzes security risks in cloud-hosted, tool-enabled AI agents, concluding that most risks stem from over-privileged tools and capability-intent mismatches rather than novel…

View →
cs.CRRecentMay 27, 2026

AgentGuard: An Attribute-Based Access Control Framework for Tool-Use LLM-Based Agent

Jiaqi Luo, Songyang Peng, Jiarun Dai, Zhile Chen +5 more

AgentGuard is an attribute-based access control framework designed to mitigate severe security risks, such as privacy leakage and system compromise, in tool-using LLM-based agents.

View →
cs.CRRecentApr 27, 2026

AgentVisor: Defending LLM Agents Against Prompt Injection via Semantic Virtualization

Zonghao Ying, Haozheng Wang, Jiangfan Liu, Quanchen Zou +4 more

AgentVisor is a novel defense framework that uses semantic virtualization, inspired by OS principles, to significantly reduce LLM agent vulnerability to prompt injection while maintaining high utility…

View →
cs.CRcs.AIcs.SERecentMay 22, 2026

Attested Tool-Server Admission: A Security Extension to the Model Context Protocol

Alfredo Metere

The paper introduces mcp-attested, a security extension to the Model Context Protocol (MCP) that allows hosts to safely admit and restrict the tools used by external, third-party tool servers.

View →
cs.CRRecentMay 20, 2026

VIPER-MCP: Detecting and Exploiting Taint-Style Vulnerabilities in Model Context Protocol Servers

Pengyu Sun, Qishu Jin, Enhao Huang, Zifeng Kang +3 more

VIPER-MCP is a novel, end-to-end automated framework that detects and dynamically confirms the exploitability of taint-style vulnerabilities in Model Context Protocol (MCP) servers, achieving high-fid…

View →
cs.CRcs.OSRecentApr 20, 2026

AgenTEE: Confidential LLM Agent Execution on Edge Devices

Sina Abdollahi, Mohammad M Maheri, Javad Forough, Amir Al Sadi +4 more

AgenTEE is a system that enables the secure, confidential execution of complex LLM agent pipelines directly on edge devices by using isolated confidential virtual machines.

View →
cs.CRcs.AIRecentMay 7, 2026

PragLocker: Protecting Agent Intellectual Property in Untrusted Deployments via Non-Portable Prompts

Qinfeng Li, Yuntai Bao, Jianghui Hu, Wenqi Zhang +4 more

PragLocker is a novel prompt protection scheme that secures valuable LLM agent prompts against theft and reuse by other proprietary models by making them non-portable.

View →
cs.CRcs.AIRecentMar 30, 2026

Evaluating Privilege Usage of Agents with Real-World Tools

Quan Zhang, Lianhang Fu, Lvsi Lian, Gwihwan Go +4 more

The paper introduces GrantBox, a new security sandbox that evaluates how well LLM agents handle real-world tool privileges, finding that agents remain highly vulnerable to sophisticated attacks.

View →
cs.CRRecentMay 6, 2026

SecureMCP: A Policy-Enforced LLM Data Access Framework for AIoT Systems via Model Context Protocol

Wonbae Kim, Hee-Kyong Yoo

SecureMCP proposes a novel, policy-enforced framework that integrates Role-Based Access Control (RBAC) with an MCP server to provide multi-layer, fine-grained defense against malicious LLM-generated S…

View →
cs.CRcs.AIRecentMay 26, 2026

Grimlock: Guarding High-Agency Systems with eBPF and Attested Channels

Qiancheng Wu, Wenhui Zhang, Gan Fang, Sheng Mao +4 more

Grimlock is an Agent Guard that enhances security for high-agency systems by enforcing identity, authorization, and scope-bound communication through eBPF and attested TLS channels, without modifying…

View →
cs.CRcs.AIcs.PLRecentMar 17, 2026

PAuth - Precise Task-Scoped Authorization For Agents

Reshabh K Sharma, Linxi Jiang, Zhiqiang Lin, Shuo Chen

The paper introduces PAuth, a new authorization model that grants agents only the precise permissions needed for a specific natural-language task, preventing overprivileging inherent in existing opera…

View →
cs.CRRecentMar 30, 2026

Attesting LLM Pipelines: Enforcing Verifiable Training and Release Claims

Zhuoran Tan, Jeremy Singer, Christos Anagnostopoulos

The paper proposes an attestation-aware promotion gate to mitigate supply-chain risks in LLM pipelines by cryptographically verifying and enforcing claims about training and release artifacts before d…

View →