Researchers from Oxford and Meta demonstrate that four of five frontier LLMs exfiltrate sensitive data from multi-agent orchestrator systems via a single indirect prompt injection, bypassing access controls entirely.
Researchers from Oxford and Meta demonstrate that four of five frontier LLMs exfiltrate sensitive data from multi-agent orchestrator systems via a single indirect prompt injection, bypassing access controls entirely.
Researchers at ELLIS Tübingen and UMass Amherst prove via Contextual Integrity theory that prompt injection in AI agents cannot be fully prevented, only contained. Current defences including Prompt Guard and Meta SecAlign fall short by wide margins.
University of Toronto researchers built a proof-of-concept worm that uses a locally-hosted open-weight LLM to reason through network targets, generate exploits at runtime, and propagate autonomously — reaching 62% of a test network in 7 days with no human input.
AI prompt injection attack vectors — direct injection, indirect via tool outputs, multi-turn manipulation — with observed real-world attacks and a layered defensive stack.
The OWASP Top 10 for LLM Applications (v2.0): each vulnerability class, real-world observed attacks, and defensive controls for enterprise AI teams.
RAG pipelines introduce document poisoning, indirect prompt injection via retrieved content, and semantic access control gaps that most security teams have not assessed.
A practical framework for implementing prompt injection detection at the API gateway layer: input sanitisation, context isolation, output filtering, and anomaly detection.
Design patterns for a prompt injection and jailbreak detection layer: rule-based filters, semantic classifiers, canary tokens, and output validation for production LLMs.
A structured methodology for red teaming LLM applications: attack taxonomy, scoping, tooling (Garak, PyRIT, PromptBench), and translating findings into actionable security controls.