Skip to content
Sagan

Paper

Can a Single Message Paralyze the AI Infrastructure? The Rise of AbO-DDoS Attacks through Targeted Mobius Injection

Unreadunread

AI summary

The authors introduce Mobius Injection, a novel attack that weaponizes LLM agents into zombie nodes for distributed denial-of-service (AbO-DDoS). By injecting a single carefully crafted message that exploits "Semantic Closure" (a structural vulnerability in agent logic), attackers can trigger sustained recursive execution, amplifying a single call up to 51x and inflating latency up to 229x. The attack is lightweight, stealthy against both DDoS monitors and AI safety filters, and scales superlinearly with more poisoned nodes. They propose ACE (Agent Component Energy) Analysis as a proactive defense.

Main takeaways:

  • LLM agents can be turned into DDoS amplifiers via textual injection alone, without modifying infrastructure or exploiting traditional network vulnerabilities.
  • "Semantic Closure" is a structural flaw in agentic logic where recursive execution can be triggered by malicious semantic content embedded in user messages.
  • Experiments across six agent architectures and 12 LLMs show high success rates, with single-node call amplification up to 51x and multi-node p95 latency inflation up to 229x.
  • The attack is stealthy: traditional DDoS monitors don't flag it because it looks like legitimate agent activity, and AI safety filters don't catch it because it's framed as benign text.
  • ACE Analysis detects malicious recursive triggers by measuring component-level energy (presumably computational intensity or invocation patterns).