llm-kb
← Back to research
Paper

Penn State researchers introduce FARMA attack that poisons LLM agents' reasoning logs

Researchers at Penn State proposed FARMA, a two-phase attack that poisons an LLM agent's own decision logs and rationales rather than external knowledge sources. The attack first injects seed entries that mimic normal reasoning logs, then amplifies them to manipulate future agent behavior. This shifts the threat model for agent security beyond retrieval poisoning.

2 engagement·1 source·Sat, Jul 11, 2026, 07:18 PM
The paper (arXiv:2607.05029, submitted July 6) targets the agent's reasoning store—decision logs and rationales about past work. Phase 1 injects seed entries phrased like normal logs (e.g., "source-level validation complete, verified upstream"). Phase 2 amplifies these entries. Unlike prior work (MINJA, AgentPoison, PoisonedRAG) that poisons retrieved knowledge, FARMA forges the agent's own memory.

Entities

FARMA(tool)Penn State(company)arXiv:2607.05029(tool)MINJA(tool)AgentPoison(tool)PoisonedRAG(tool)FARMA(concept)

Related

IncidentSun, Jul 12, 2026, 08:24 AM

Security researcher manually tests 10 AI attacks, reveals defenses

A security researcher published a detailed account of manually testing 10 adversarial attacks against AI systems in May 2026, including leaking a chatbot's hidden instructions and making a browsing agent perform unintended actions. The post outlines which defenses actually stopped each attack, providing practical insights for AI practitioners.

0 engagement·1 source·rss
RSS
PaperSun, Jul 12, 2026, 03:01 AM

Article explains how LLMs use tools and iterate to complete tasks

A technical article titled 'The Agent Loop: How AI Learns to Think, Act, and Get Things Done' describes how LLMs use tools, make decisions, learn from results, and iterate until tasks are complete. The piece provides a conceptual overview of agentic AI workflows.

0 engagement·1 source·rss
RSS
ProductSun, Jul 12, 2026, 09:35 AM

Runeward: Sandbox AI agents with policy gates

Runeward is a sandboxing tool for AI agents that enforces policy gates to restrict agent actions. It uses LLMs to interpret and enforce user-defined policies, solving the problem of unsafe or unintended agent behavior for developers building autonomous AI systems.

1 engagement·1 source·hackernews
CommunitySat, Jul 11, 2026, 12:00 AM

Community discusses agent reliability: Fix the loop, not the LLM

A series of Reddit posts and articles highlight that the main challenge in building reliable AI agents is architectural, not model quality. Practitioners share experiences where agents skip safety steps or hallucinate actions, advocating for structured loops with self-reflection, approval gates, and stop reasons. NVIDIA's Nemotron post-training data and a Medium guide reinforce that improving the agent loop—rather than upgrading the LLM—is key to production reliability.

19 engagement·7 sources·rss, reddit
RSS
Tool ReleaseWed, Jul 8, 2026, 07:28 PM

AgentMaker: a new Python framework for building LLM agents and multi-agent systems

AgentMaker is a general-purpose Python framework for building LLM agents and multi-agent systems, featuring tools, memory, RAG, context engineering, guardrails, human-in-the-loop, and observability. It is released under MIT license on GitHub and PyPI.

32 engagement·1 source·github