How Prompt Injections Gradually Evolved Into a Multi-Step Malware - https://arxiv.org/pdf/2601.09625
In this paper, we propose that attacks targeting LLM-based applications constitute a distinct class of malware, which we term promptware, and introduce a five-step kill chain model for analyzing these threats.
The framework comprises Initial Access (prompt injection), Privilege Escalation (jailbreaking), Persistence (memory and retrieval poisoning), Lateral Movement (cross-system and cross-user propagation), and Actions on Objective (ranging from data exfiltration to unauthorized transactions).
By mapping recent attacks to this structure, we demonstrate that LLM-related attacks follow systematic sequences analogous to traditional malware campaigns. The promptware kill chain offers security practitioners a structured methodology for threat modeling and provides a common vocabulary for researchers across AI safety and cybersecurity to address a rapidly evolving threat landscape.
Authors: Ben Nassi (School of Electrical and Computer Engineering, Tel Aviv University); Bruce Schneier (Harvard Kennedy School); Oleg Brodt (Department of Software and Information Systems Engineering, Ben-Gurion University of the Negev).
#LLMSecurity #PromptInjection #Promptware #AIAttacks #KillChain #Cybersecurity #Jailbreak #AgentSecurity #ThreatModeling #AdversarialAI #MalwareAnalysis #RAGSecurity #AISecHub #PromptwareKillChain