prompt-injection
Safeguard articles tagged "prompt-injection" — guides, analysis, and best practices for software supply chain and application security.
127 articles
Supabase MCP and the Lethal Trifecta: When an Agent Has service_role
A Cursor user's Supabase MCP server was tricked by a support ticket into exfiltrating an integration_tokens table. The bug was not in MCP. It was in the trifecta.
Tool Poisoning Attacks: How Malicious Instructions Hide I...
AI agent tools can hide invisible instructions attackers use to steal data. Here's how tool poisoning attacks work and how Safeguard stops them.
Agent Skill Marketplaces as the Next Frontier for Supply ...
Agent skill marketplaces are repeating npm and PyPI's supply chain mistakes—except the malicious payload is often a sentence of instructions, not code. Here's what's already been exploited.
Prompt Injection vs Traditional Injection Attacks: A Tech...
SQL injection was solved by separating code from data. Prompt injection can't be, because in an LLM they share one channel. Here's the technical comparison, with real exploits and dates.
Why Autonomous Coding Agents Need Their Own Threat Model
Coding agents run with real credentials and no pause button. Here is the threat model that treats them as autonomous infrastructure, not junior developers.
How Malicious Payloads Get Smuggled Into Trusted AI Skill...
Attackers smuggle malicious payloads into trusted AI skill repositories via typosquats, staged fetches, and split-file obfuscation — here is exactly how it works.
Agentic AI Security Glossary: Tool Poisoning, Prompt Inje...
A precise glossary of agentic AI security terms — prompt injection, tool poisoning, model jailbreaking, excessive agency, and MCP rug pulls — with concrete attack examples.
Why Traditional SAST Tools Struggle to Analyze Agentic Co...
Agentic codebases build call graphs at runtime, defeating static analysis. Here's why SAST tools miss prompt injection and tool-schema risks—and how Safeguard closes the gap.
EchoLeak (CVE-2025-32711): The First Zero-Click LLM Exfiltration in Production
Aim Security's CVE-2025-32711 exfiltrated Microsoft 365 Copilot data via a single crafted email. The XPIA classifier failed, CSP let attackers through, and CVSS 9.3 followed.
EchoLeak (CVE-2025-32711): The First Zero-Click Production LLM Exfiltration
A single crafted email could exfiltrate data from Microsoft 365 Copilot without a user click. We walk the attack chain, the patch, and the lessons for agent operators.
What Is Prompt Engineering? A Security Guide for LLM Applications
Prompt engineering is how you steer an LLM, and it is also where a lot of application security now lives. Here is how to write prompts that resist injection and leakage.
GitHub MCP Server Private-Repo Exfiltration: The May 2025 Invariant Labs Disclosure
Invariant Labs showed that a malicious GitHub Issue could hijack any MCP-connected agent into leaking private-repo contents. The architecture, not a bug, is the problem.