This work presents the first in-depth security analysis of widely used agentic systems for offensive security operations, revealing common design flaws that allow adversaries to exfiltrate API keys and compromise operator machines even within sandboxes.

The authors introduce a full cyber kill chain for these systems, detailing attack progression from initial LLM manipulation through lateral movement, persistence, guardrail bypass, and sandbox escape.

Based on these findings, the study proposes a robust architecture and actionable design principles that mitigate the disclosed attack paths at the architectural level.