The Promptware Kill Chain

This essay introduces the concept of “promptware” — a novel class of malware targeting LLM-based systems — and outlines a seven-step kill chain (initial access, privilege escalation, reconnaissance, persistence, command-and-control, lateral movement, and actions on objective). It describes research proofs-of-concept that demonstrate injection via calendars and email, persistence in long-term workspaces, self-replication, and data exfiltration, and argues that defenses must assume initial access and focus on interrupting later stages of the kill chain rather than only patching prompt injection.