Incident · curated 27 Jun 2026
First reported 16 Jun 2026 · 11d ago
Single-source incident — first reported, latest, and curated coincide.
It demonstrates that injection crossing agent trust boundaries evades existing defenses and that the blind spot is the delegation/tool-discovery layer, which defenders of multi-agent systems must guard.
deep-xpia is a benchmark of multi-hop cross-prompt injection (DXPIA) across delegated agent boundaries, with 300 live-measured cases and 8 attack patterns showing 69% land undefended and 12% even with all defenses. It highlights registry injection at tool-discovery (DXPIA-008) entering upstream of all 5 stacked defenses and maps patterns to documented Copilot incidents like EchoLeak.
Why it matters
It demonstrates that injection crossing agent trust boundaries evades existing defenses and that the blind spot is the delegation/tool-discovery layer, which defenders of multi-agent systems must guard.