KTH Degree Project Portal
Background and Motivation:
LLMs are now being integrated into all parts of the digital infrastructure. Prompt injection attacks, where malicious input manipulates the LLM's behavior, are a type of attack unique to these systems. As the field is relatively new, research in this area has grown in an unstructured way. At the same time, LLMs are increasingly interconnected as autonomous agents, for instance by means of the Model Context Protocol (MCP), which introduces additional attack vectors by externalizing model context and tool access. Recently reported MCP threats include tool poisoning, tool shadowing, preference manipulation, and rug-pull attacks [1]. Liu et al. [2] introduced some conceptual structure by formalizing and benchmarking prompt injection attacks, but stopped short of offering a reusable threat modeling framework suitable for systematic analysis and design-time reasoning.

Objectives:
This project aims to develop a reusable threat modeling language for prompt injection and MCP-based attacks using the Meta Attack Language (MAL) framework. MAL conceptualizes threats as attack graphs that can be generated automatically for a given system configuration specification. The project will include the following steps:
- Literature review: MCP and prompt injection attacks are identified and collected.
- Language design: appropriate threat modeling assets and associations are defined in MAL, and the identified attack types are related to these assets and associations.
- Validation and demonstration: a number of prompt injection and MCP attacks reported in case reports are used to check that the developed language can express the incidents as reported. (Existing MAL tooling can be used to generate attack graphs from the threat models.)
- Model automation: develop a tool that automatically generates a model in the developed language from an MCP LLM agent pipeline.
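A sketch of what the language design step could produce, added here as an illustration and not part of the project description or of any existing MAL language: the assets, attack steps, defense and association names are assumptions, written in the syntax conventions of MAL's published example languages, and they relate two of the reported MCP threats (tool poisoning and rug-pull) to assets an MCP agent pipeline would contain.

```mal
#id: "org.example.mcplang"      // hypothetical language id, not an existing MAL language
#version: "0.0.1"

category Agents {
  asset LLMAgent {
    // The agent reads tool descriptions supplied by MCP servers into its context.
    | readToolDescription
      -> followInjectedInstruction
    // Reaches an injected instruction only if the description was read AND the
    // defense below is disabled (MAL: & step with a defense as one parent).
    & followInjectedInstruction
      -> tools.invoke
    // Hypothetical defense: screening tool descriptions before they enter context.
    # descriptionFiltering [Disabled]
      -> followInjectedInstruction
  }

  asset MCPServer {
    // A compromised or malicious server controls every tool it hosts.
    | compromise
      -> tools.poisonDescription,
         tools.swapImplementation
  }

  asset Tool {
    // Tool poisoning [1]: instructions hidden in the tool description.
    | poisonDescription
      -> agents.readToolDescription
    // Rug-pull [1]: behaviour changed after the tool was approved.
    | swapImplementation
      -> invoke
    // Invocation of the tool on behalf of the agent (attacker goal in this sketch).
    | invoke
  }
}

associations {
  LLMAgent [agents] * <-- Uses  --> * [tools] Tool
  MCPServer [server] 1 <-- Hosts --> * [tools] Tool
}
```

Given a system model instantiating these assets (one agent, one server, its tools), existing MAL tooling would generate the attack graph from `MCPServer.compromise` to `Tool.invoke`, and toggling `descriptionFiltering` shows which path the defense cuts.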
References:
[1] Hou et al., Model Context Protocol: Landscape, Security Threats, and Future Research Directions, 2025. https://doi.org/10.48550/arXiv.2503.23278
[2] Liu Y. et al., Formalizing and Benchmarking Prompt Injection Attacks and Defenses. USENIX Security 2024. https://doi.org/10.48550/arXiv.2310.12815

How to apply:
Send your CV and university course grades to Mathias Ekstedt (mekstedt@kth.se). For questions about the project, send an email to the same address. Applications will be evaluated continuously.