The Promptware Kill Chain: From Prompt Injection to Multi-Step LLM Malware (Feb. 26th)
Thursday, February 26th, 2026: 2:00 PM to 3:00 PM
In this talk, we examine the evolution of prompt injection attacks and show how they have gradually developed into a five-stage kill chain consisting of (1) initial access, (2) privilege escalation, (3) persistence, (4) lateral movement, and (5) actions on objectives.
We begin by introducing the concept of Promptware, followed by an overview of the kill chain.
We then analyze each stage in detail: the evolution of initial access (from direct to indirect prompt injection, including evasion techniques across multiple modalities); privilege escalation (from "ignore previous instructions" attacks to delayed tool invocation); persistence mechanisms (from volatile state to RAG-dependent and RAG-independent persistence); lateral movement (from none, to on-device, and ultimately off-device movement); and actions on objectives (from benign proof-of-concept messages such as "haha pwned" to full remote code execution).
Hosted by Black Hat