Tag
#llm-security
6 posts tagged llm-security.
- Standards & Frameworks
OWASP LLM Top 10 Prompt Injection (LLM01:2025): What AppSec Teams Need to Know
LLM01 in the OWASP LLM Top 10 is prompt injection — and it held the top spot in both the 2023 and 2025 editions.
- Attack Techniques
How Prompt Injection Attacks Work: Direct, Indirect, and Agent Hijacking
A technical breakdown of how prompt injection attacks work — from direct goal hijacking to indirect RAG poisoning and agentic pipeline compromise.
- offensive
Invisible Prompt Injection: The Unicode Tag Smuggling Technique
Unicode Tag characters let attackers embed invisible prompt injection payloads that still tokenize as instructions. How it works and what stops it.
- tooling
Garak vs. PyRIT vs. promptmap: Prompt Injection Testing Compared
Three frameworks for testing LLMs for prompt injection: Garak, PyRIT, and promptmap. What each one is built for, where each falls short, and how to decide
- defense
Rebuff Defense Review: What It Catches and Where It Fails
Rebuff is a multi-layer prompt injection detection system. An honest audit of how its four detection layers work, what they catch in practice, and how
- primer
Prompt Injection vs. Jailbreaking: Two Conflated Attack Classes
Prompt injection and jailbreaking both use natural language to subvert LLM behavior, but the attacker, the trust boundary that breaks, and the defenses