TL;DR for operators A suspicious domain appears in a DNS log. A conventional classifier either recognises it, misses it, or assigns a confidence score that someone in the SOC must interpret while pretending the queue is under control. The paper’s more interesting proposal is not “let an LLM summarise the alert”. That would be the enterprise equivalent of putting a helpful intern on a fire alarm. ...
TL;DR for operators The paper’s core warning is simple: a RAG system may not be reading the same document your employee just approved. A PDF, HTML page, or DOCX file can look clean to a human reviewer while carrying hidden text, altered Unicode, poisoned fonts, or layout tricks that a document loader still extracts. ...
TL;DR for operators A support agent reads a customer email. It checks a CRM record. It calls a refund API. It writes a note into long-term memory. It asks another agent to verify policy. Somewhere in that chain, a malicious instruction hides inside a message, document, issue tracker entry, retrieved snippet, schema, or tool response. The model does not need to become “evil”. It only needs to be helpful in the wrong direction. ...