Attacking AI-based reverse engineering tools (Cline, GhidraMCP, etc.) using weaponized binaries. ๐ข๐ค๐๐๐ตโ๐ซ
Security researchers from the U.S. Navy - Brian Crawford, Justin Phillips, and Patrick McClure - published two papers last month on a groundbreaking topic: attacking reverse engineering AI agents using prompt injection techniques.
The authors propose various ways to attack the reverse engineering flow of AI-based tools and successfully test their approach on a setup with Cline, GhidraMCP, Ghidra, and Qwen3-8B - injecting prompts using a small C program. Quite impressive.
Important insight: Ghidra truncates string variables longer than 2048 characters. So keep in mind that the attack string has to be short enough to survive decompilation and attack an LLM.
Enjoy the read, and remember that every new code not only makes something faster or better, but also increases the attack surface. Happy hunting!
More details:
Investigating Detection and Obfuscation of Prompt Injection Attacks Against Software Reverse Engineering AI Agents [PDF]: https://arxiv.org/abs/2605.30677
Automatically Attacking Software Reverse Engineering AI Agents [PDF]: https://arxiv.org/abs/2605.30667


