Evaluating Privilege Usage of Agents on Real-World Tools
arXiv:2603.28166v1 Announce Type: cross Abstract: Equipping LLM agents with real-world tools can substantially improve productivity. However, granting agents autonomy over tool use also transfers the associated privileges to both the agent and the underlying LLM. Improper privilege usage may lead to serious consequences, including information leakage and infrastructure damage. While several benchmarks have been built to study agents' security, they often rely on pre-coded tools and restricted interaction patterns. Such crafted environments differ substantially from the real-world, making it ha — Quan Zhang, Lianhang Fu, Lvsi Lian, Gwihwan Go, Yujue Wang, Chijin Zhou, Yu Jiang, Geguang Pu
View PDF HTML (experimental)
Abstract:Equipping LLM agents with real-world tools can substantially improve productivity. However, granting agents autonomy over tool use also transfers the associated privileges to both the agent and the underlying LLM. Improper privilege usage may lead to serious consequences, including information leakage and infrastructure damage. While several benchmarks have been built to study agents' security, they often rely on pre-coded tools and restricted interaction patterns. Such crafted environments differ substantially from the real-world, making it hard to assess agents' security capabilities in critical privilege control and usage. Therefore, we propose GrantBox, a security evaluation sandbox for analyzing agent privilege usage. GrantBox automatically integrates real-world tools and allows LLM agents to invoke genuine privileges, enabling the evaluation of privilege usage under prompt injection attacks. Our results indicate that while LLMs exhibit basic security awareness and can block some direct attacks, they remain vulnerable to more sophisticated attacks, resulting in an average attack success rate of 84.80% in carefully crafted scenarios.
Comments: Accepted to the FSE 2026 Ideas, Visions, and Reflections track
Subjects:
Cryptography and Security (cs.CR); Artificial Intelligence (cs.AI)
Cite as: arXiv:2603.28166 [cs.CR]
(or arXiv:2603.28166v1 [cs.CR] for this version)
https://doi.org/10.48550/arXiv.2603.28166
arXiv-issued DOI via DataCite (pending registration)
Submission history
From: Quan Zhang [view email] [v1] Mon, 30 Mar 2026 08:35:00 UTC (216 KB)
Sign in to highlight and annotate this article
Conversation starters
Daily AI Digest
Get the top 5 AI stories delivered to your inbox every morning.
More about
researchpaperarxiv
Accelerate the path from molecule to market
Siemens and Dotmatics: forward together   The pharmaceutical industry is undergoing one of the most profound transformations in its history. The pressure on companies to innovate faster and more efficiently grows as demographics shift, patients’ life expectancies rise, therapeutic complexity increases, development costs surge and regulatory expectations change as technology evolves. Yet, while manufacturing has embraced digitalization, research and development (R&D) teams remain hindered by […]
Knowledge Map
Connected Articles — Knowledge Graph
This article is connected to other articles through shared AI topics and tags.
Discussion
Sign in to join the discussion
No comments yet — be the first to share your thoughts!