prompt-injection
Safeguard articles tagged "prompt-injection" — guides, analysis, and best practices for software supply chain and application security.
127 articles
Line Jumping: How MCP Tool Descriptions Attack Before Tools Are Called
Trail of Bits coined 'line jumping' for prompt injection delivered through MCP tool descriptions on connection. It bypasses every tool-invocation guardrail by design.
OWASP LLM Top 10 2025: System Prompt Leakage and Vector Weaknesses
The OWASP Top 10 for LLM Applications 2025 added System Prompt Leakage and Vector/Embedding Weaknesses, and elevated Sensitive Information Disclosure to #2. Here is the defender view.
Prompt Injection as a Supply Chain Risk: When AI Dependencies Are Exploitable
Prompt injection is not just an application vulnerability. When LLMs process content from the software supply chain -- package descriptions, README files, commit messages -- injection becomes a supply chain attack vector.
Security Testing for LLM-Powered Applications
Applications built on large language models introduce novel attack surfaces that traditional security testing does not cover. This guide addresses the specific testing methodologies needed for LLM applications.
OWASP Top 10 for LLM Applications: A First Look
OWASP published its first Top 10 for LLM Applications on August 1, 2023. Here is what it covers, where it overreaches, and how to use it on real systems.
Securing LLM Applications: The OWASP Top 10 for Large Language Models
OWASP released its Top 10 for LLM Applications in August 2023, providing the first standardized framework for understanding and mitigating risks in AI-powered software.
LLM Prompt Injection: The New Supply Chain Attack Vector
Prompt injection attacks against large language models represent a dangerous new frontier in software supply chain security. Here's what defenders need to know.