@inproceedings{mao-etal-2026-stop,
    title = "Stop Fixating on Prompts: Reasoning Hijacking and Constraint Tightening for Red-Teaming {LLM} Agents",
    author = "Mao, Yanxu  and
      Liu, Peipei  and
      Cui, Tiehan  and
      Liu, Congying  and
      Xing, Mingzhe  and
      You, Datao",
    editor = "Liakata, Maria  and
      Moreira, Viviane P.  and
      Zhang, Jiajun  and
      Jurgens, David",
    booktitle = "Proceedings of the 64th Annual Meeting of the {A}ssociation for {C}omputational {L}inguistics (Volume 1: Long Papers)",
    month = jul,
    year = "2026",
    address = "San Diego, California, United States",
    publisher = "Association for Computational Linguistics",
    url = "https://preview.aclanthology.org/ingest-acl/2026.acl-long.1197/",
    pages = "26068--26085",
    ISBN = "979-8-89176-390-6",
    abstract = "With the widespread application of LLM-based agents across various domains, their complexity has introduced new security threats. Existing red-team methods mostly rely on modifying user prompts, which lack adaptability to new data and may impact the agent{'}s performance. To address the challenge, this paper proposes the JailAgent framework, which completely avoids modifying the user prompt. Specifically, it implicitly manipulates the agent{'}s reasoning trajectory and memory retrieval with three key stages: Trigger Extraction, Reasoning Hijacking, and Constraint Tightening. Through precise trigger identification, real-time adaptive mechanisms, and an optimized objective function, JailAgent demonstrates outstanding performance in cross-model and cross-scenario environments."
}