{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,4]],"date-time":"2026-06-04T05:21:31Z","timestamp":1780550491898,"version":"3.54.1"},"reference-count":94,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/legal\/tdmrep-license"},{"start":{"date-parts":[[2026,3,6]],"date-time":"2026-03-06T00:00:00Z","timestamp":1772755200000},"content-version":"vor","delay-in-days":429,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100006013","name":"United Arab Emirates University","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100006013","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Internet of Things and Cyber-Physical Systems"],"published-print":{"date-parts":[[2025]]},"DOI":"10.1016\/j.iotcps.2026.03.001","type":"journal-article","created":{"date-parts":[[2026,3,11]],"date-time":"2026-03-11T17:37:31Z","timestamp":1773250651000},"page":"185-209","update-policy":"https:\/\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":1,"special_numbering":"C","title":["Securing LLM agents: From prompt sanitization to autonomous red teaming and beyond"],"prefix":"10.1016","volume":"5","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-0632-3172","authenticated-orcid":false,"given":"Mohamed Amine","family":"Ferrag","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Abderrahmane","family":"Lakas","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Norbert","family":"Tihanyi","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8941-8080","authenticated-orcid":false,"given":"Merouane","family":"Debbah","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"78","reference":[{"key":"10.1016\/j.iotcps.2026.03.001_bib1","series-title":"Building Safe Genai Applications: an end-to-end Overview of Red Teaming for Large Language Models","author":"Purpura","year":"2025"},{"key":"10.1016\/j.iotcps.2026.03.001_bib2","series-title":"Small Language Models are the Future of Agentic Ai","author":"Belcak","year":"2025"},{"issue":"10","key":"10.1016\/j.iotcps.2026.03.001_bib3","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3729219","article-title":"Privacy preserving prompt engineering: a survey","volume":"57","author":"Edemacu","year":"2025","journal-title":"ACM Comput. Surv."},{"key":"10.1016\/j.iotcps.2026.03.001_bib4","series-title":"Jailbreaking and Mitigation of Vulnerabilities in Large Language Models","author":"Peng","year":"2024"},{"key":"10.1016\/j.iotcps.2026.03.001_bib5","series-title":"A Survey on Backdoor Threats in Large Language Models (Llms): Attacks, Defenses, and Evaluations","author":"Zhou","year":"2025"},{"key":"10.1016\/j.iotcps.2026.03.001_bib6","series-title":"Jailbreak Attacks and Defenses Against Multimodal Generative Models: a Survey","author":"Liu","year":"2024"},{"issue":"6","key":"10.1016\/j.iotcps.2026.03.001_bib7","doi-asserted-by":"crossref","first-page":"1666","DOI":"10.3390\/s25061666","article-title":"Generative ai and llms for critical infrastructure protection: evaluation benchmarks, agentic ai, challenges, and opportunities","volume":"25","author":"Yigit","year":"2025","journal-title":"Sensors"},{"key":"10.1016\/j.iotcps.2026.03.001_bib8","series-title":"Jailbreak Attacks and Defenses Against Large Language Models: a Survey","author":"Yi","year":"2024"},{"key":"10.1016\/j.iotcps.2026.03.001_bib9","series-title":"Llamafirewall: an Open Source Guardrail System for Building Secure Ai Agents","author":"Chennabasappa","year":"2025"},{"key":"10.1016\/j.iotcps.2026.03.001_bib10","first-page":"1","article-title":"Generative ai in cybersecurity: a comprehensive review of llm applications and vulnerabilities","author":"Ferrag","year":"2025","journal-title":"Int. Thing. Cyber-Phys. Sys."},{"key":"10.1016\/j.iotcps.2026.03.001_bib11","doi-asserted-by":"crossref","first-page":"687","DOI":"10.1613\/jair.1.17654","article-title":"Against the achilles' heel: a survey on red teaming for generative models","volume":"82","author":"Lin","year":"2025","journal-title":"J. Artif. Intell. Res."},{"key":"10.1016\/j.iotcps.2026.03.001_bib12","series-title":"From Llm Reasoning to Autonomous Ai Agents: a Comprehensive Review","author":"Ferrag","year":"2025"},{"key":"10.1016\/j.iotcps.2026.03.001_bib13","series-title":"The Automation Advantage in Ai Red Teaming","author":"Mulla","year":"2025"},{"key":"10.1016\/j.iotcps.2026.03.001_bib14","series-title":"2025 Silicon Valley Cybersecurity Conference (SVCC). IEEE","first-page":"1","article-title":"Violentutf as an accessible platform for generative ai red teaming","author":"Nguyen","year":"2025"},{"key":"10.1016\/j.iotcps.2026.03.001_bib15","series-title":"A Survey of Recent Backdoor Attacks and Defenses in Large Language Models","author":"Zhao","year":"2024"},{"key":"10.1016\/j.iotcps.2026.03.001_bib18","first-page":"1906","article-title":"Large model based agents: state-of-the-art, cooperation paradigms, security and privacy, and future trends","author":"Wang","year":"2025","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"10.1016\/j.iotcps.2026.03.001_bib19","doi-asserted-by":"crossref","DOI":"10.1109\/OJCS.2025.3589638","article-title":"Security of internet of agents: attacks and countermeasures","author":"Wang","year":"2025","journal-title":"IEEE Open J. Comput. Soc."},{"key":"10.1016\/j.iotcps.2026.03.001_bib16","article-title":"A review of backdoor attacks and defenses in code large language models: implications for security measures","author":"Qu","year":"2025","journal-title":"Inf. Software Technol."},{"issue":"2","key":"10.1016\/j.iotcps.2026.03.001_bib17","doi-asserted-by":"crossref","first-page":"65","DOI":"10.1007\/s10515-024-00464-7","article-title":"A survey on robustness attacks for deep code models","volume":"31","author":"Qu","year":"2024","journal-title":"Autom. Softw. Eng."},{"key":"10.1016\/j.iotcps.2026.03.001_bib20","series-title":"Automated Red Teaming with Goat: the Generative Offensive Agent Tester","author":"Pavlova","year":"2024"},{"key":"10.1016\/j.iotcps.2026.03.001_bib21","first-page":"55 005","article-title":"Jailbreakbench: an open robustness benchmark for jailbreaking large language models","volume":"37","author":"Chao","year":"2024","journal-title":"Adv. Neural Inf. Process. Syst."},{"key":"10.1016\/j.iotcps.2026.03.001_bib22","series-title":"Proceedings of the the First Workshop on LLM Security (LLMSEC)","first-page":"7","article-title":"Redhit: adaptive red-teaming of large language models via search, reasoning, and preference optimization","author":"Sorkhpour","year":"2025"},{"key":"10.1016\/j.iotcps.2026.03.001_bib23","series-title":"Autoredteamer: Autonomous Red Teaming with Lifelong Attack Integration","author":"Zhou","year":"2025"},{"key":"10.1016\/j.iotcps.2026.03.001_bib24","series-title":"Harmbench: a Standardized Evaluation Framework for Automated Red Teaming and Robust Refusal","author":"Mazeika","year":"2024"},{"key":"10.1016\/j.iotcps.2026.03.001_bib25","series-title":"Mart: Improving Llm Safety with multi-round Automatic red-teaming","author":"Ge","year":"2023"},{"key":"10.1016\/j.iotcps.2026.03.001_bib26","series-title":"Mad-Max: Modular and Diverse Malicious Attack Mixtures for Automated Llm Red Teaming","author":"Schoepf","year":"2025"},{"key":"10.1016\/j.iotcps.2026.03.001_bib27","series-title":"Cop: Agentic red-teaming for Large Language Models Using Composition of Principles","author":"Xiong","year":"2025"},{"key":"10.1016\/j.iotcps.2026.03.001_bib28","series-title":"Redagent: Red Teaming Large Language Models with context-aware Autonomous Language Agent","author":"Xu","year":"2024"},{"key":"10.1016\/j.iotcps.2026.03.001_bib29","series-title":"Strategize Globally, Adapt Locally: a multi-turn Red Teaming Agent with dual-level Learning","author":"Chen","year":"2025"},{"key":"10.1016\/j.iotcps.2026.03.001_bib30","series-title":"Effective red-teaming of policy-adherent Agents","author":"Nakash","year":"2025"},{"key":"10.1016\/j.iotcps.2026.03.001_bib31","series-title":"Advagent: Controllable Blackbox red-teaming on Web Agents","author":"Xu","year":"2024"},{"key":"10.1016\/j.iotcps.2026.03.001_bib32","series-title":"Udora: a Unified Red Teaming Framework Against Llm Agents by Dynamically Hijacking their Own Reasoning","author":"Zhang","year":"2025"},{"key":"10.1016\/j.iotcps.2026.03.001_bib33","series-title":"Agentvigil: Generic black-box red-teaming for Indirect Prompt Injection Against Llm Agents","author":"Wang","year":"2025"},{"key":"10.1016\/j.iotcps.2026.03.001_bib34","unstructured":"C. Guo, C. Xie, Y. Yang, Z. Lin, B. Li, Redcodeagent: automatic red-teaming agent against code agents, arXiv preprint arXiv:2510.02609."},{"key":"10.1016\/j.iotcps.2026.03.001_bib35","series-title":"Redcoder: Automated multi-turn Red Teaming for Code Llms","author":"Mo","year":"2025"},{"key":"10.1016\/j.iotcps.2026.03.001_bib36","series-title":"Proceedings of the 32nd ACM International Conference on Multimedia","first-page":"3578","article-title":"Arondight: red teaming large vision language models with auto-generated multi-modal jailbreak prompts","author":"Liu","year":"2024"},{"key":"10.1016\/j.iotcps.2026.03.001_bib37","series-title":"Red-Teaming text-to-image Systems by Rule-based Preference Modeling","author":"Cao","year":"2025"},{"key":"10.1016\/j.iotcps.2026.03.001_bib38","series-title":"2025 IEEE Symposium on Security and Privacy (SP). plus 0.5em Minus 0.4emIEEE","first-page":"373","article-title":"Fuzz-testing meets llm-based agents: an automated and efficient framework for jailbreaking text-to-image generation models","author":"Dong","year":"2025"},{"key":"10.1016\/j.iotcps.2026.03.001_bib39","series-title":"Evaluating the Robustness of text-to-image Diffusion Models Against real-world Attacks","author":"Gao","year":"2023"},{"key":"10.1016\/j.iotcps.2026.03.001_bib40","series-title":"Operationalizing a Threat Model for red-teaming Large Language Models (Llms)","author":"Verma","year":"2024"},{"key":"10.1016\/j.iotcps.2026.03.001_bib41","series-title":"A Red Teaming Roadmap Towards system-level Safety","author":"Wang","year":"2025"},{"key":"10.1016\/j.iotcps.2026.03.001_bib42","first-page":"82 895","article-title":"Agentdojo: a dynamic environment to evaluate prompt injection attacks and defenses for llm agents","volume":"37","author":"Debenedetti","year":"2024","journal-title":"Adv. Neural Inf. Process. Syst."},{"key":"10.1016\/j.iotcps.2026.03.001_bib43","article-title":"Fedmlsecurity: a benchmark for attacks and defenses in federated learning and llms","author":"Han","year":"2023","journal-title":"arXiv preprint arXiv:2306.04959"},{"key":"10.1016\/j.iotcps.2026.03.001_bib44","series-title":"Ring-a-bell! How Reliable are Concept Removal Methods for Diffusion Models?","author":"Tsai","year":"2023"},{"key":"10.1016\/j.iotcps.2026.03.001_bib45","series-title":"Red Teaming Chatgpt via Jailbreaking: Bias, Robustness, Reliability and Toxicity","author":"Zhuo","year":"2023"},{"key":"10.1016\/j.iotcps.2026.03.001_bib46","series-title":"Safedecoding: Defending Against Jailbreak Attacks via safety-aware Decoding","author":"Xu","year":"2024"},{"key":"10.1016\/j.iotcps.2026.03.001_bib47","first-page":"40 184","article-title":"Robust prompt optimization for defending language models against jailbreaking attacks","volume":"37","author":"Zhou","year":"2024","journal-title":"Adv. Neural Inf. Process. Syst."},{"key":"10.1016\/j.iotcps.2026.03.001_bib48","series-title":"Smoothllm: Defending Large Language Models Against Jailbreaking Attacks","author":"Robey","year":"2023"},{"key":"10.1016\/j.iotcps.2026.03.001_bib49","series-title":"Defending Large Language Models Against Jailbreak Attacks via Semantic Smoothing","author":"Ji","year":"2024"},{"key":"10.1016\/j.iotcps.2026.03.001_bib50","series-title":"Defending Llms Against Jailbreaking Attacks via Backtranslation","author":"Wang","year":"2024"},{"key":"10.1016\/j.iotcps.2026.03.001_bib51","series-title":"Defensive Prompt Patch: a Robust and Interpretable Defense of Llms Against Jailbreak Attacks","author":"Xiong","year":"2024"},{"key":"10.1016\/j.iotcps.2026.03.001_bib52","first-page":"64 242","article-title":"Fight back against jailbreaking via prompt adversarial tuning","volume":"37","author":"Mo","year":"2024","journal-title":"Adv. Neural Inf. Process. Syst."},{"key":"10.1016\/j.iotcps.2026.03.001_bib53","series-title":"Repd: Defending Jailbreak Attack Through a Retrieval-based Prompt Decomposition Process","author":"Wang","year":"2024"},{"key":"10.1016\/j.iotcps.2026.03.001_bib54","series-title":"34th USENIX Security Symposium (USENIX Security 25)","first-page":"2441","article-title":"{SelfDefend}: {LLMs} can defend themselves against jailbreaking in a practical manner","author":"Wang","year":"2025"},{"key":"10.1016\/j.iotcps.2026.03.001_bib55","series-title":"Llms can Defend themselves Against Jailbreaking in a Practical Manner: a Vision Paper","author":"Wu","year":"2024"},{"key":"10.1016\/j.iotcps.2026.03.001_bib56","series-title":"Stshield: Single-Token Sentinel for real-time Jailbreak Detection in Large Language Models","author":"Wang","year":"2025"},{"key":"10.1016\/j.iotcps.2026.03.001_bib57","series-title":"Companion Proceedings of the ACM on Web Conference 2025","first-page":"2078","article-title":"Hsf: defending against jailbreak attacks with hidden state filtering","author":"Qian","year":"2025"},{"key":"10.1016\/j.iotcps.2026.03.001_bib58","series-title":"Jbshield: Defending Large Language Models from Jailbreak Attacks Through Activated Concept Analysis and Manipulation","author":"Zhang","year":"2025"},{"key":"10.1016\/j.iotcps.2026.03.001_bib59","series-title":"Tiny Refinements Elicit Resilience: toward Efficient prefix-model Against Llm red-teaming","author":"Liu","year":"2024"},{"key":"10.1016\/j.iotcps.2026.03.001_bib60","series-title":"Improved Large Language Model Jailbreak Detection via Pretrained Embeddings","author":"Galinkin","year":"2024"},{"key":"10.1016\/j.iotcps.2026.03.001_bib61","series-title":"Defending Against Indirect Prompt Injection Attacks with Spotlighting","author":"Hines","year":"2024"},{"key":"10.1016\/j.iotcps.2026.03.001_bib62","series-title":"34th USENIX Security Symposium (USENIX Security 25)","first-page":"2383","article-title":"{StruQ}: Defending against prompt injection with structured queries","author":"Chen","year":"2025"},{"key":"10.1016\/j.iotcps.2026.03.001_bib63","series-title":"Promptarmor: Simple yet Effective Prompt Injection Defenses","author":"Shi","year":"2025"},{"key":"10.1016\/j.iotcps.2026.03.001_bib64","first-page":"1809","article-title":"Benchmarking and defending against indirect prompt injection attacks on large language models","volume":"vol. 1","author":"Yi","year":"2025"},{"key":"10.1016\/j.iotcps.2026.03.001_bib65","series-title":"Defending Against Prompt Injection with a Few Defensivetokens","author":"Chen","year":"2025"},{"key":"10.1016\/j.iotcps.2026.03.001_bib66","series-title":"European Symposium on Research in Computer Security. plus 0.5em Minus 0.4emSpringer","first-page":"105","article-title":"Jatmo: prompt injection defense by task-specific finetuning","author":"Piet","year":"2024"},{"key":"10.1016\/j.iotcps.2026.03.001_bib67","series-title":"Defense Against Prompt Injection Attack by Leveraging Attack Techniques","author":"Chen","year":"2024"},{"key":"10.1016\/j.iotcps.2026.03.001_bib68","series-title":"Chain-Of-Scrutiny: Detecting Backdoor Attacks for Large Language Models","author":"Li","year":"2024"},{"key":"10.1016\/j.iotcps.2026.03.001_bib69","series-title":"Your Agent can Defend itself Against Backdoor Attacks","author":"Changjiang","year":"2025"},{"key":"10.1016\/j.iotcps.2026.03.001_bib70","series-title":"Cleangen: Mitigating Backdoor Attacks for Generation Tasks in Large Language Models","author":"Li","year":"2024"},{"key":"10.1016\/j.iotcps.2026.03.001_bib71","series-title":"Exploring Backdoor Attack and Defense for llm-empowered Recommendations","author":"Ning","year":"2025"},{"key":"10.1016\/j.iotcps.2026.03.001_bib86","doi-asserted-by":"crossref","DOI":"10.1016\/j.jss.2023.111859","article-title":"Detection of backdoor attacks using targeted universal adversarial perturbations for deep neural networks","volume":"207","author":"Qu","year":"2024","journal-title":"J. Syst. Software"},{"issue":"1","key":"10.1016\/j.iotcps.2026.03.001_bib87","doi-asserted-by":"crossref","first-page":"17","DOI":"10.1007\/s10515-024-00485-2","article-title":"Badcodeprompt: backdoor attacks against prompt engineering of large language models for code generation","volume":"32","author":"Qu","year":"2025","journal-title":"Autom. Softw. Eng."},{"key":"10.1016\/j.iotcps.2026.03.001_bib88","doi-asserted-by":"crossref","DOI":"10.1016\/j.infsof.2024.107661","article-title":"An input-denoising-based defense against stealthy backdoor attacks in large language models for code","volume":"180","author":"Qu","year":"2025","journal-title":"Inf. Software Technol."},{"key":"10.1016\/j.iotcps.2026.03.001_bib72","series-title":"Privagent: Agentic-Based red-teaming for Llm Privacy Leakage","author":"Nie","year":"2024"},{"key":"10.1016\/j.iotcps.2026.03.001_bib73","series-title":"Casper: Prompt Sanitization for Protecting User Privacy in Web-based Large Language Models","author":"Chong","year":"2024"},{"key":"10.1016\/j.iotcps.2026.03.001_bib74","series-title":"Pr\u03f5\u03f5mpt: Sanitizing Sensitive Prompts for Llms","author":"Chowdhury","year":"2025"},{"key":"10.1016\/j.iotcps.2026.03.001_bib75","series-title":"Anti-Adversarial Learning: Desensitizing Prompts for Large Language Models","author":"Li","year":"2025"},{"key":"10.1016\/j.iotcps.2026.03.001_bib76","first-page":"2042","article-title":"Alsa: Context-sensitive prompt privacy preservation in large language models","volume":"vol. 2","author":"Ma","year":"2025"},{"key":"10.1016\/j.iotcps.2026.03.001_bib77","series-title":"Adversarial Tuning: Defending Against Jailbreak Attacks for Llms","author":"Liu","year":"2024"},{"issue":"2","key":"10.1016\/j.iotcps.2026.03.001_bib78","first-page":"3","article-title":"Safe unlearning: a surprisingly effective and generalizable solution to defend against jailbreak attacks","volume":"1","author":"Zhang","year":"2024"},{"key":"10.1016\/j.iotcps.2026.03.001_bib79","series-title":"Autojailbreak: Exploring Jailbreak Attacks and Defenses Through a Dependency Lens","author":"Lu","year":"2024"},{"key":"10.1016\/j.iotcps.2026.03.001_bib80","series-title":"Defending Against Knowledge Poisoning Attacks During retrieval-augmented Generation","author":"Edemacu","year":"2025"},{"key":"10.1016\/j.iotcps.2026.03.001_bib81","series-title":"Jaildam: Jailbreak Detection with Adaptive Memory for vision-language Model","author":"Nian","year":"2025"},{"key":"10.1016\/j.iotcps.2026.03.001_bib82","series-title":"Nsfw-Classifier Guided Prompt Sanitization for Safe text-to-image Generation","author":"Xie","year":"2025"},{"key":"10.1016\/j.iotcps.2026.03.001_bib83","series-title":"Autodefense: Multi-Agent Llm Defense Against Jailbreak Attacks","author":"Zeng","year":"2024"},{"issue":"12","key":"10.1016\/j.iotcps.2026.03.001_bib84","doi-asserted-by":"crossref","first-page":"1486","DOI":"10.1038\/s42256-023-00765-8","article-title":"Defending chatgpt against jailbreak attack via self-reminders","volume":"5","author":"Xie","year":"2023","journal-title":"Nat. Mach. Intell."},{"key":"10.1016\/j.iotcps.2026.03.001_bib85","series-title":"Defending Large Language Models Against Jailbreaking Attacks Through Goal Prioritization","author":"Zhang","year":"2023"},{"key":"10.1016\/j.iotcps.2026.03.001_bib89","series-title":"A2as: Agentic Ai Runtime Security and self-defense","author":"Neelou","year":"2025"},{"key":"10.1016\/j.iotcps.2026.03.001_bib90","series-title":"Encryption-Friendly Llm Architecture","author":"Rho","year":"2024"},{"key":"10.1016\/j.iotcps.2026.03.001_bib91","series-title":"2025 Design, Automation & Test in Europe Conference (DATE). plus 0.5em Minus 0.4emIEEE","first-page":"1","article-title":"Testing robustness of homomorphically encrypted split model llms","author":"Folkerts","year":"2025"},{"key":"10.1016\/j.iotcps.2026.03.001_bib92","series-title":"Tfhe-Coder: Evaluating llm-agentic Fully Homomorphic Encryption Code Generation","author":"Kumar","year":"2025"},{"key":"10.1016\/j.iotcps.2026.03.001_bib93","series-title":"Neurips Safe Generative AI Workshop 2024","article-title":"Privacy-preserving large language model inference via gpu-accelerated fully homomorphic encryption","author":"de Castro","year":"2024"},{"key":"10.1016\/j.iotcps.2026.03.001_bib94","series-title":"Privacy-Preserving Llm Interaction with Socratic chain-of-thought Reasoning and Homomorphically Encrypted Vector Databases","author":"Bae","year":"2025"}],"container-title":["Internet of Things and Cyber-Physical Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S2667345226000015?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S2667345226000015?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2026,5,18]],"date-time":"2026-05-18T23:33:52Z","timestamp":1779147232000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S2667345226000015"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"references-count":94,"alternative-id":["S2667345226000015"],"URL":"https:\/\/doi.org\/10.1016\/j.iotcps.2026.03.001","relation":{},"ISSN":["2667-3452"],"issn-type":[{"value":"2667-3452","type":"print"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"Securing LLM agents: From prompt sanitization to autonomous red teaming and beyond","name":"articletitle","label":"Article Title"},{"value":"Internet of Things and Cyber-Physical Systems","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.iotcps.2026.03.001","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2026 The Authors. Publishing services by Elsevier B.V. on behalf of KeAi Communications Co. Ltd.","name":"copyright","label":"Copyright"}]}}