Function Hijacking Attack Threatens Agentic AI Models
A new paper on arXiv (2604.20994) introduces a function hijacking attack (FHA) that targets function calling in large language models (LLMs) used in agentic AI systems. Unlike existing attacks that focus on semantic preference manipulation, FHA forces the invocation of a specific attacker-chosen function by manipulating the tool selection process. The research highlights vulnerabilities in agentic models' function calling interfaces, which can lead to data tampering, theft, endless loops, or harmful content generation. The attack expands on known injection and jailbreaking methods, demonstrating a novel threat vector for AI-powered systems that rely on external function invocation.
Key facts
- New function hijacking attack (FHA) targets agentic AI models
- FHA manipulates tool selection to force specific function invocation
- Attack differs from existing semantic preference manipulation
- Vulnerabilities include data tampering, theft, endless loops, harmful content
- Paper published on arXiv with ID 2604.20994
- Attack type: cross
- Focuses on function calling LLMs in agentic systems
- Expands on known injection and jailbreaking attacks
Entities
Institutions
- arXiv