Tag: #prompt-injection
10 posts tagged prompt-injection.
- Standards & Frameworks
  OWASP LLM Top 10 Prompt Injection (LLM01:2025): What AppSec Teams Need to Know
  LLM01 in the OWASP LLM Top 10 is prompt injection — and it held the top spot in both the 2023 and 2025 editions.
- Attack Techniques
  How Prompt Injection Attacks Work: Direct, Indirect, and Agent Hijacking
  A technical breakdown of how prompt injection attacks work — from direct goal hijacking to indirect RAG poisoning and agentic pipeline compromise.
- offensive
  Invisible Prompt Injection: The Unicode Tag Smuggling Technique
  Unicode Tag characters let attackers embed invisible prompt injection payloads that still tokenize as instructions. How it works and what stops it.
- incident
  Anatomy of a Real Prompt Injection: The Bing Chat / Sydney Case
  In early 2023, Bing Chat became the first widely publicized case of indirect prompt injection in a deployed commercial LLM.
- tooling
  Garak vs. PyRIT vs. promptmap: Prompt Injection Testing Compared
  Three frameworks for testing LLMs for prompt injection: Garak, PyRIT, and promptmap. What each one is built for, where each falls short, and how to decide
- defense
  Rebuff Defense Review: What It Catches and Where It Fails
  Rebuff is a multi-layer prompt injection detection system. An honest audit of how its four detection layers work, what they catch in practice, and how
- offensive
  Indirect Prompt Injection Against a Llama 3 RAG Pipeline: How the Attack Classes Work
  A documentation-based walkthrough of indirect prompt injection against an unhardened Llama 3.1 8B document-QA pipeline: the four attack classes, the
- primer
  A Working Taxonomy of Prompt Injection Attack Types
  Direct, indirect, multi-modal, and agentic prompt injection are distinct attack classes with different trust boundaries, attacker access requirements, and
- primer
  Prompt Injection vs. Jailbreaking: Two Conflated Attack Classes
  Prompt injection and jailbreaking both use natural language to subvert LLM behavior, but the attacker, the trust boundary that breaks, and the defenses
- policy
  Prompt Injection as Regulatory Failure: Deployer Liability
  Prompt injection has been a security problem since 2022. As of 2026, it's also a compliance problem. Where the regulatory liability actually attaches, and