回到未来：在智能体人工智能和集成平台中破解和保护基于连接的 OAuth 架构.pdf

《回到未来：在智能体人工智能和集成平台中破解和保护基于连接的 OAuth 架构.pdf》由会员分享，可在线阅读，更多相关《回到未来：在智能体人工智能和集成平台中破解和保护基于连接的 OAuth 架构.pdf（122页珍藏版）》请在三个皮匠报告上搜索。

1、#BHUSA BlackHatEventsBack to the Future:Hacking&Securing Connection-based OAuth Architecturesin Agentic AI&Integration PlatformsKaixuan Luo1,Xianbo Wang1,Adonis Fung2,Yanxiang Bi1,Wing Cheong Lau11 The Chinese University of Hong Kong2 Samsung Research America#BHUSA BlackHatEventsAbout usXianbo WangP

2、hD Candidate sanebowKaixuan LuoPhD Candidatekaixuanie.cuhk.edu.hkWing C.LauProfessorwclauie.cuhk.edu.hkAdonis FungDirector of Engineering,SYanxiang BiPhD Candidateby022ie.cuhk.edu.hk2#BHUSA BlackHatEventsBackground:Integration Platform,Agentic AI EcosystemOAuth-based delegation of Tool access by Use

3、rs to Integration Platforms&AI AgentsThe new OAuth-as-a-Service(OaaS)paradigm to ease 3rd-party Agent developmentsKey Concepts behind OaaS:Technical details of the non-standard,yet increasingly popular,Connection-based OAuthArchitectures for realizing OaaSClassic Web Attacks resurrected by Connectio

4、n-based OAuth:Cross-Agent/Cross-Tool/Cross-User Confused Deputy,Session Fixation,Open RedirectMitigations and the Intricacies required to get them right Real-World Impact:Case Study,Demo and EvaluationReflections and Summary:Key Takeaways3Agenda#BHUSA BlackHatEventsPreviously BHUSA24:the Pre-Agentic

5、 AI EraMicrosoftPower AutomateMany Tools(a.k.a.Integrations)Handful of Big-nameIntegration PlatformsUsers delegate Tool access/control to a handful of Integration Platforms built-by Big-name Service providers.BHUSA 24 Kaixuan Luo et al.One Hack to Rule Them All:Pervasive Account Takeovers in Integra

6、tion Platforms for Workflow Automation,Virtual Voice Assistant,IoT,&LLM Services.https:/ BlackHatEventsTrending:The Era of Agentic AIMany Tools(a.k.a.Integrations)In the Era of Agentic AI,many 3rd-party developers will build various Agents to serve their customers.Customers will delegate Tool access