insidejob
AML.T0084.003 Demonstrated

Call Chains

This technique has been demonstrated in research or controlled environments.

Adversaries may extract call chains from AI agent configurations, which can reveal potential targets for remote code execution (RCE) or other vulnerabilities. Vulnerable call chains often connect user inputs or LLM outputs to an execution sink (e.g. exec, eval, os.popen). The vulnerabilities may later be exploited via [LLM Prompt Injection](/techniques/AML.T0051).

Adversaries may systematically identify potentially vulnerable call chains present in LLM frameworks, then scan for applications that are configured to use these call chains for targeting [\[1\]][1].
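
To audit your own agent code for such chains, the sketch below (an added example, not code from this page or the cited paper) builds a call graph with Python's `ast` module and lists every path from an entry point to one of the sinks named above. The sample module and every function name in it are constructed for illustration.

```python
import ast
from collections import deque

SINKS = {"exec", "eval", "os.popen"}  # execution sinks named in the text
# Constructed sample: a hypothetical agent tool module (not from any real framework).
SAMPLE_SOURCE = '''
import os
def run_tool(llm_output):
    return _dispatch(llm_output)
def _dispatch(text):
    if text.startswith("calc:"):
        return _calculate(text[5:])
    if text.startswith("sh:"):
        return _shell(text[3:])
    return text[:80]
def _calculate(expr):
    return eval(expr)
def _shell(cmd):
    return os.popen(cmd).read()
'''

def _call_name(node):  # dotted call target such as 'os.popen'; None if dynamic
    parts, f = [], node.func
    while isinstance(f, ast.Attribute):
        parts.append(f.attr)
        f = f.value
    return ".".join(reversed(parts + [f.id])) if isinstance(f, ast.Name) else None

def build_call_graph(source):
    """Map each top-level function name to the set of call targets in its body."""
    graph = {}
    for fn in ast.parse(source).body:
        if isinstance(fn, (ast.FunctionDef, ast.AsyncFunctionDef)):
            graph[fn.name] = {_call_name(n) for n in ast.walk(fn) if isinstance(n, ast.Call)} - {None}
    return graph

def find_sink_chains(source, entry_points):
    """Breadth-first search from each entry point; return every chain ending at a sink."""
    graph, chains = build_call_graph(source), []
    queue = deque([name] for name in entry_points if name in graph)
    while queue:
        path = queue.popleft()
        for callee in sorted(graph[path[-1]]):
            if callee in SINKS:
                chains.append(path + [callee])
            elif callee in graph and callee not in path:  # skip recursion cycles
                queue.append(path + [callee])
    return chains
```

Matching is by name only, so aliased imports (for example `from os import popen`) and dynamic dispatch are missed; a reported chain shows reachability and still needs review to confirm that untrusted input actually reaches the sink.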

[1]: https://arxiv.org/abs/2309.02926