![[2602.20720] AdapTools: Adaptive Tool-based Indirect Prompt Injection Attacks on Agentic LLMs](https://arxiv.org/static/browse/0.3.4/images/arxiv-logo-fb.png){kind=logo}
[2602.20720] AdapTools: Adaptive Tool-based Indirect Prompt Injection Attacks on Agentic LLMs
Summary
The paper presents AdapTools, a novel framework for adaptive indirect prompt injection attacks on agentic large language models (LLMs), highlighting its effectiveness against existing defenses.
Why It Matters
As LLMs become integral in various applications, understanding their vulnerabilities is crucial for enhancing security. This research provides insights into adaptive attack strategies that could inform future defenses against prompt injection attacks, a growing concern in AI safety.
Key Takeaways
- AdapTools improves attack success rates by 2.13 times.
- The framework uses adaptive strategies to optimize prompt attacks.
- It identifies stealthy tools to bypass task-relevance defenses.
- Maintains effectiveness against state-of-the-art defense mechanisms.
- Advances the understanding of indirect prompt injection attacks.
Computer Science > Cryptography and Security arXiv:2602.20720 (cs) [Submitted on 24 Feb 2026] Title:AdapTools: Adaptive Tool-based Indirect Prompt Injection Attacks on Agentic LLMs Authors:Che Wang, Jiaming Zhang, Ziqi Zhang, Zijie Wang, Yinghui Wang, Jianbo Gao, Tao Wei, Zhong Chen, Wei Yang Bryan Lim View a PDF of the paper titled AdapTools: Adaptive Tool-based Indirect Prompt Injection Attacks on Agentic LLMs, by Che Wang and 8 other authors View PDF HTML (experimental) Abstract:The integration of external data services (e.g., Model Context Protocol, MCP) has made large language model-based agents increasingly powerful for complex task execution. However, this advancement introduces critical security vulnerabilities, particularly indirect prompt injection (IPI) attacks. Existing attack methods are limited by their reliance on static patterns and evaluation on simple language models, failing to address the fast-evolving nature of modern AI agents. We introduce AdapTools, a novel adaptive IPI attack framework that selects stealthier attack tools and generates adaptive attack prompts to create a rigorous security evaluation environment. Our approach comprises two key components: (1) Adaptive Attack Strategy Construction, which develops transferable adversarial strategies for prompt optimization, and (2) Attack Enhancement, which identifies stealthy tools capable of circumventing task-relevance defenses. Comprehensive experimental evaluation shows that AdapTools achieves a ...
