AgentLAB: Benchmarking LLM Agents against Long-Horizon Attacks

LLM agents are increasingly deployed in long-horizon, complex environments to solve challenging problems, but this expansion exposes them to long-horizon attacks that exploit multi-turn user-agent-environment interactions to achieve objectives infeasible in single-turn settings. To measure agent vulnerabilities to such risks, we present AgentLAB, the first benchmark dedicated to evaluating LLM agent susceptibility to adaptive, long-horizon attacks. Currently, AgentLAB supports five novel attack types including intent hijacking, tool chaining, task injection, objective drifting, and memory poisoning, spanning 28 realistic agentic environments, and 644 security test cases. Leveraging AgentLAB, we evaluate representative LLM agents and find that they remain highly susceptible to long-horizon attacks; moreover, defenses designed for single-turn interactions fail to reliably mitigate long-horizon threats. We anticipate that AgentLAB will serve as a valuable benchmark for tracking progress on securing LLM agents in practical settings. The benchmark is publicly available at https://tanqiujiang.github.io/AgentLAB_main.

Key Contributions

• AgentLAB: the first benchmark dedicated to evaluating LLM agent susceptibility to long-horizon attacks, with 644 security test cases across 28 realistic agentic environments
• Five novel long-horizon attack categories: intent hijacking, tool chaining, task injection, objective drifting, and memory poisoning
• Empirical finding that current LLM agents are highly vulnerable to long-horizon attacks and that single-turn defenses fail to transfer to multi-turn agentic settings

🛡️ Threat Analysis

Details

Similar Papers