JAW Framework Hijacks Agentic Workflows via Context-Grounded Evolution
Researchers have developed JAW, the first framework to detect and exploit vulnerabilities in agentic workflows that integrate LLM agents on automation platforms like GitHub Actions and n8n. The framework uses Context-Grounded Evolution, evolving workflow inputs under contexts derived from hybrid program analysis to hijack workflows. An adversary can manipulate inputs such as GitHub issue comments to force LLM agents into unwanted actions like credential exfiltration and arbitrary command execution. This risk had not been studied academically before. The paper is available on arXiv under ID 2605.11229.
Key facts
- JAW is the first detection and exploitation framework for agentic workflow hijacking.
- Agentic workflows integrate LLM agents for tasks like code review and data synchronization.
- Platforms affected include GitHub Actions and n8n.
- Adversaries can control inputs like GitHub issue comments to manipulate LLM agents.
- Potential attacks include credential exfiltration and arbitrary command execution.
- The approach is called Context-Grounded Evolution.
- It uses hybrid program analysis to derive contexts for evolving inputs.
- No prior academic work had studied this risk.
Entities
Institutions
- arXiv