All posts
-
OWASP LLM Top 10 Prompt Injection (LLM01:2025): What AppSec Teams Need to Know
LLM01 in the OWASP LLM Top 10 is prompt injection — and it held the top spot in both the 2023 and 2025 editions.
-
How Prompt Injection Attacks Work: Direct, Indirect, and Agent Hijacking
A technical breakdown of how prompt injection attacks work — from direct goal hijacking to indirect RAG poisoning and agentic pipeline compromise.
-
Invisible Prompt Injection: The Unicode Tag Smuggling Technique
Unicode Tag characters let attackers embed invisible prompt injection payloads that still tokenize as instructions. How it works and what stops it.
-
Anatomy of a Real Prompt Injection: The Bing Chat / Sydney Case
In early 2023, Bing Chat became the first widely-publicized case of indirect prompt injection in a deployed commercial LLM.
-
Garak vs. PyRIT vs. promptmap: Prompt Injection Testing Compared
Three frameworks for testing LLMs for prompt injection: Garak, PyRIT, and promptmap. What each one is built for, where each falls short, and how to decide
-
Rebuff Defense Review: What It Catches and Where It Fails
Rebuff is a multi-layer prompt injection detection system. An honest audit of how its four detection layers work, what they catch in practice, and how
-
Indirect Prompt Injection Against a Llama 3 RAG Pipeline: How the Attack Classes Work
A documentation-based walkthrough of indirect prompt injection against an unhardened Llama 3.1 8B document-QA pipeline: the four attack classes, the
-
A Working Taxonomy of Prompt Injection Attack Types
Direct, indirect, multi-modal, and agentic prompt injection are distinct attack classes with different trust boundaries, attacker access requirements, and
-
Prompt Injection vs. Jailbreaking: Two Conflated Attack Classes
Prompt injection and jailbreaking both use natural language to subvert LLM behavior, but the attacker, the trust boundary that breaks, and the defenses
-
Prompt Injection as Regulatory Failure: Deployer Liability
Prompt injection has been a security problem since 2022. As of 2026, it's also a compliance problem. Where the regulatory liability actually attaches, and