Tag: #prompt-injection
18 posts tagged prompt-injection.
- disclosure
LLM Security Risks: The 2025 Threat Landscape for AI Deployments
A practitioner breakdown of LLM security risks covering the OWASP Top 10 for LLM Applications 2025, MITRE ATLAS AI attack tactics, and concrete mitigation priorities for security and platform teams.
- disclosure
Generative AI Risks: A Technical Reference for Security Teams
A practitioner-focused breakdown of generative AI risks mapped against NIST AI 600-1 and the OWASP Top 10 for LLMs — prompt injection, data poisoning, supply-chain compromise, and mitigation priorities.
- disclosure
ChatGPT Security: Patched Flaws, Persistent Gaps, Unsolved Risks
A technical review of ChatGPT security vulnerabilities disclosed in 2025-2026: DNS-based data exfiltration, ZombieAgent prompt injection bypass, Codex command injection, and the credential market driving account takeovers.
- guide
ChatGPT Security: Risks, Controls, and How to Use It Safely
A practitioner's guide to ChatGPT security in 2026: how OpenAI protects enterprise data, where prompt injection and account-takeover risks live, and the controls that actually move the needle.
- analysis
Generative AI Risks: A Practical Taxonomy for Security Teams
Generative AI risks span prompt injection, data poisoning, supply chain vulnerabilities, hallucination, and governance failures. A technical breakdown of the major threat categories with mitigation priorities.
- analysis
LLM Security Alerts: Monitoring, Detection, and Response
A practical guide to setting up LLM security alerting — what to monitor, what alert patterns indicate compromise or attack, how to triage LLM security incidents, and what a response playbook looks like.
- analysis
LLM Security Risks: A Practitioner's Field Guide for 2025
A comprehensive breakdown of LLM security risks — prompt injection, supply chain poisoning, excessive agency, and model extraction — with mitigation guidance for security and AI platform teams.
- analysis
AI Agent Security Incidents: When Autonomous AI Went Wrong
A documented review of security incidents involving autonomous AI agents in 2024-2025, covering tool misuse, privilege escalation via injection, and the architectural patterns that created the exposure.
- analysis
OWASP LLM Top 10 2025: What Changed and Why It Matters
The OWASP Top 10 for Large Language Model Applications was updated for 2025. Here is a breakdown of what moved, what was added, and why the changes reflect the evolving threat landscape for AI deployments.
- incident-review
Prompt Injection via Email: How AI Agents Get Hijacked
Email is the highest-volume source of untrusted content in enterprise environments — and it's now being fed directly into AI agents. This post catalogs confirmed prompt injection incidents in email-processing AI agents, focusing on Copilot, Outlook, and similar productivity AI.
- deep-dive
RAG Poisoning: How Retrieval-Augmented Systems Get Compromised
RAG systems inherit all the vulnerabilities of LLMs and add a new one: the retrieval corpus. Injecting malicious content into retrieved sources can hijack model behavior in ways users and operators don't see coming.
- disclosure
AI Security: Attack Categories, Defense Gaps, and How to Respond
A practitioner guide to the four core attack categories against AI/ML systems — from adversarial inputs to supply chain compromise — with mitigation priorities and framework references.
- digest
Weekly AI Security Digest — May Week 2, 2026
Top five AI security developments from May 5-9, 2026: CISA guidance on AI in critical infrastructure, new prompt injection research, LLM supply chain CVEs, an enterprise AI breach disclosure, and proposed EU AI security standards.
- primer
AI System Security Audit Checklist for 2026
A practical audit checklist for AI systems covering model inputs, training pipeline, outputs, access control, logging, and red-team requirements. Each item includes a brief explanation of the risk it addresses.
- analysis
Prompt Injection in the Wild: Incidents from 2024-2025
A catalog of confirmed prompt injection incidents in real deployments: Bing Chat, Slack AI, email assistants, and customer service bots. Each entry covers the attack vector, payload mechanism, impact, and patch or mitigation applied.
- tools
Tool Review: LLM Guard for Input/Output Filtering
LLM Guard is an open-source input/output filtering library for LLM applications. We review what it detects, how it deploys, its real limitations, and when it fits into a defense-in-depth architecture.
- incident
How System Prompt Leaks Happen: Techniques and Defenses
Prompt injection attacks that expose system prompts are one of the most common real-world LLM exploits. This post covers the mechanics of system prompt extraction, documented incidents, and defensive controls that actually work.
- primer
Jailbreaking vs Prompt Injection: Not the Same Attack
Security practitioners conflate jailbreaking and prompt injection constantly. They are distinct attack classes with different threat actors, different mitigations, and different risk profiles.