Photo by Tecnológico de Monterrey - tec.mx

Electrical and Computer Engineering Projects

Tecnológico de Monterrey students interested in the program, please address any questions about the application process to Crockett Sewell, sewellc@purdue.edu.

LLandMines: Long-term, Churn-Based Prompt Injection Attacks for AI Coding Agents

Faculty Name: Santiago Torres-Arias

E-Mail: santiagotorres@purdue.edu

Project Term: Fall 2026 or Fall 2026/Spring 2027 (Full Academic Year Preferred)

Project Description:

LLM-based AI coding agents are becoming prevalent, yet the academic and scientific community has not developed a thorough understanding of how to secure these new technologies. While straightforward attacks (e.g., prompt injection) have been showcased in multiple domains, including coding, these are often easy to detect and/or filter using heuristics similar to those applied to other code-in-data attack vectors (e.g., SQL injection attacks).

However, we posit that, in order to carry out successful attacks, we must devise stealthier variants of prompt injection attacks. We propose a latent-space, churn-based backdooring technique, LLandMines, which appears seemingly benign at first, yet introduces code fragility and security bugs the more coding agents interact with it.

Requirements:

A successful student for this project should:
1. Be deeply familiar with a coding language such as Python, Go (golang) or Rust (e.g., as provided by a course such as data structures & algorithms or object-oriented programming)
2. Have a strong systems programming background (e.g., through a course such as operating systems)
3. Be familiar with computer security (e.g., has taken a computer security course or participated in a CTF competition)

Specifically, skills such as:
1. Mastery of the above languages
2. Familiarity with libraries/frameworks such as Docker, Podman, Ollama or Transformers
3. Passing knowledge of agent development protocols such as A2A or MCP
4. Cursory knowledge of current development practices (e.g., version control systems, automated pull request generation, etc.)