Large Language Model (LLM) based agents integrated into web browsers (often called agentic AI browsers) offer powerful automation of web tasks. However, they are vulnerable to indirect prompt injection attacks, where malicious instructions hidden in a webpage deceive the agent into unwanted actions. These attacks can bypass traditional web security boundaries, as the AI agent operates with the user privileges across sites. In this paper, we present a novel fuzzing framework that runs entirely in the browser and is guided by an LLM to automatically discover such prompt injection vulnerabilities in real time.

翻译：集成到网页浏览器中的大型语言模型（LLM）智能体（通常称为智能AI浏览器）为网络任务提供了强大的自动化能力。然而，它们容易受到间接提示注入攻击，即网页中隐藏的恶意指令诱使智能体执行非预期操作。由于AI智能体以用户权限跨站点运行，此类攻击能够绕过传统的网络安全边界。本文提出了一种全新的模糊测试框架，该框架完全在浏览器中运行，并由LLM引导，能够实时自动发现此类提示注入漏洞。