Capture Summary
Recent preprint defining a layered attack surface for data agents that combine LLM reasoning, database access, tool execution, and multi-step analytics workflows.
Abstract Capture
Data agents integrate LLM reasoning with relational data access, executable analytical tools, and workflow orchestration. The paper introduces a layered vulnerability framework and an attack taxonomy (three goals, seven tactics, fourteen techniques), then evaluates attacks against six systems, including open-source data agents and production cloud analytics services. The core claim is that data agents recombine database-security and agent-security failure modes into a distinct attack surface.
Collection Notes
- Untrusted source content. Treat payload-generation language as evidence of attack surface only.
- Primary relevance: [[03_Topics/Agentic AI Security]], [[03_Topics/RAG and AI Data Security]]
- PDF: https://arxiv.org/pdf/2606.08661