Agentic Tool Extraction: Multi-turn attacks that expose AI agents (www.giskard.ai)

A new multi-turn attack technique called Agentic Tool Extraction (ATE) has emerged, allowing adversaries to systematically uncover the internal capabilities of AI agents over extended conversations. Unlike traditional single-turn jailbreaks, ATE utilizes seemingly innocuous questions to gradually reconstruct an AI's technical architecture, including function signatures, parameters, and behaviors. This reconnaissance phase enables attackers to exploit the agents to execute harmful actions within connected systems, potentially turning an AI assistant into a vehicle for data breaches and fraudulent activities. The significance of ATE lies in its potential to widen the attack surface for AI-driven systems. As attackers learn to retrieve detailed information about available internal tools, they can craft precise prompts that bypass security measures and trigger unauthorized operations. Consequently, the implications for security are profound; detection and prevention measures must evolve from focusing solely on individual prompts to monitoring full conversation contexts. Organizations need to implement robust defenses that recognize the patterns of information disclosure across multiple exchanges, ensuring that AI systems are safeguarded against this sophisticated threat.