Bad Memories Still Haunt AI Agents
Cisco researchers discovered and reported a significant vulnerability in how Anthropic's AI systems handle memory files, which has since been patched. The flaw highlights a broader, systemic risk in …
Direct and indirect prompt injection attacks against LLM-powered applications — techniques, real-world exploits, and mitigations. Mapped to MITRE ATLAS AML.T0051 and OWASP LLM01.
Check Point Research disclosed a critical vulnerability in ChatGPT's code execution runtime that allows a single malicious prompt to establish a covert outbound exfiltration channel, bypassing …
The article examines 'toxic combinations' — a compounding risk pattern where AI agents and OAuth integrations bridge multiple SaaS applications, creating attack surfaces that no single application …
Unit 42 researchers conducted red-team analysis of Amazon Bedrock's multi-agent collaboration framework, demonstrating how attackers can systematically exploit prompt injection to traverse agent …
Brex has open-sourced CrabTrap, an HTTP proxy that uses an LLM-as-a-judge architecture to intercept, evaluate, and block or allow requests made by AI agents in real time against configurable policies. …
Google has patched a critical prompt injection vulnerability in an agentic AI tool designed for filesystem operations, where insufficient input sanitisation enabled sandbox escape and arbitrary code …
A now-patched vulnerability in Google's agentic IDE Antigravity allowed attackers to achieve arbitrary code execution by injecting malicious flags into the find_by_name tool's Pattern parameter, …
A systemic 'by design' vulnerability in Anthropic's Model Context Protocol (MCP) SDK enables arbitrary remote code execution across all supported language implementations via unsafe STDIO transport …
A chained vulnerability in Cursor AI—a widely-used AI-powered code editor—allowed attackers to combine indirect prompt injection with a sandbox escape and the application's built-in remote tunnel …
A researcher has disclosed a novel prompt injection attack technique dubbed 'Comment and Control,' demonstrating that popular AI coding agents — including Claude Code, Gemini CLI, and GitHub Copilot …
A structural vulnerability in Anthropic's Model Context Protocol (MCP) allows unsanitized commands to be executed silently within AI environments, potentially enabling full system compromise. …
Prompt injection vulnerabilities in Salesforce Agentforce and Microsoft Copilot were patched after researchers demonstrated that external attackers could exploit them to exfiltrate sensitive user …
OpenAI has launched GPT-5.4-Cyber, a cybersecurity-optimised model variant, alongside an expanded Trusted Access for Cyber (TAC) programme targeting authenticated defenders and security teams. While …
The Cloud Security Alliance has issued a warning about an anticipated 'AI vulnerability storm' following the release of Anthropic's Claude Mythos model, urging CISOs to prepare defensive postures in …
botctl is an open-source process manager that enables persistent, autonomous AI agents (currently Claude-backed) to run continuously as background daemons with tool access, file system write …