← Back to Library

Evaluating Privilege Usage of Agents on Real-World Tools

Authors: Quan Zhang, Lianhang Fu, Lvsi Lian, Gwihwan Go, Yujue Wang, Chijin Zhou, Yu Jiang, Geguang Pu

Published: 2026-03-30

arXiv ID: 2603.28166v1

Added to Library: 2026-03-31 03:00 UTC

Red Teaming

📄 Abstract

Equipping LLM agents with real-world tools can substantially improve productivity. However, granting agents autonomy over tool use also transfers the associated privileges to both the agent and the underlying LLM. Improper privilege usage may lead to serious consequences, including information leakage and infrastructure damage. While several benchmarks have been built to study agents' security, they often rely on pre-coded tools and restricted interaction patterns. Such crafted environments differ substantially from the real-world, making it hard to assess agents' security capabilities in critical privilege control and usage. Therefore, we propose GrantBox, a security evaluation sandbox for analyzing agent privilege usage. GrantBox automatically integrates real-world tools and allows LLM agents to invoke genuine privileges, enabling the evaluation of privilege usage under prompt injection attacks. Our results indicate that while LLMs exhibit basic security awareness and can block some direct attacks, they remain vulnerable to more sophisticated attacks, resulting in an average attack success rate of 84.80% in carefully crafted scenarios.

🔍 Key Points

  • Introduction of GrantBox: a security evaluation sandbox designed to analyze the privilege usage of LLM agents in real-world environments.
  • Integration of 10 MCP servers with 122 privilege-sensitive tools enabling realistic evaluation scenarios for privilege misuse under real-world conditions.
  • Assessment of LLMs reveals an average attack success rate of 84.80% against sophisticated attacks, highlighting significant vulnerability in privilege control mechanisms.
  • Differentiation in performance between ReAct and Plan-and-Execute agent modes, with ReAct modes showing higher attack success rates, indicating flexibility but lower security awareness.
  • The study shows LLMs have foundational security awareness but struggle with complex or nuanced privilege management, necessitating future advancements in LLM security control.

💡 Why This Paper Matters

The paper presents significant advancements in understanding the security challenges involved when using LLMs with real-world tools, through the introduction of GrantBox. This framework not only broadens the scope of evaluation beyond synthetic environments but also highlights crucial vulnerabilities that must be addressed in LLM development and deployment.

🎯 Why It's Interesting for AI Security Researchers

This paper is highly relevant for AI security researchers as it tackles pressing security concerns regarding the integration of AI agents into sensitive systems. By unveiling the vulnerabilities inherent in current LLMs, particularly in privilege management, it provides a foundation for future research aimed at enhancing AI security, making it essential reading for those involved in AI development and deployment in critical applications.

📚 Read the Full Paper

📄 View on arXiv 📎 Download PDF