LLM Agent Security

Give a model tools and a loop and it stops being a chatbot and becomes an actor — it can send the email, run the code, move the money. The catch: it decides what to do partly from content it reads along the way, so a hijacked instruction becomes a hijacked action. This is the deep dive on agent loops, why every observation is an injection surface, tool abuse, excessive agency and the confused-deputy problem, autonomous chain hijacks, and the defence stack that actually contains them.