Safeguard
Tag

prompt-injection

Safeguard articles tagged "prompt-injection" — guides, analysis, and best practices for software supply chain and application security.

127 articles

AI Security

Red-Teaming AI Applications: A Field Guide

You cannot secure an LLM application by reading its code alone. You have to attack it the way an adversary will — with language, with poisoned content, and with the goal of making it do something it should not. Here is how to run an AI red team.

Jul 8, 20265 min read
AI Security

Integrating AI Tools Without Expanding Your Attack Surface

Stanford researchers found developers using AI coding assistants wrote more security bugs — and felt more confident in them. Here's how to adopt AI safely.

Jul 8, 20268 min read
AI Security

OWASP Top 10 for LLM Applications: A Practical Walkthrough

OWASP's 2025 LLM Top 10 added three new categories in one revision — here's what changed, why, and concrete mitigation patterns for each risk.

Jul 8, 20267 min read
AI Security

Prompt injection in AI coding assistant system prompts

Copilot, Cursor, and Windsurf all read untrusted repo text into the same channel as trusted instructions — three 2025 CVEs show what happens next.

Jul 8, 20266 min read
AI Security

Prompt injection via AI agent CI/CD workflow tampering

A single malicious PR title was enough to make three major AI coding agents leak API keys straight out of a GitHub Actions runner.

Jul 8, 20266 min read
Open Source Security

Protestware via prompt injection: when maintainers target AI agents

jqwik 1.10.0 shipped a hidden instruction telling AI coding agents to delete their own tests, then erased it from the terminal with ANSI codes — protestware built for agents, not humans.

Jul 7, 20267 min read
AI Security

What agentic coding environments reveal about developer risk

Snyk analyzed nearly 10,000 real developer environments and found 43% run 2+ AI coding tools at once — with MCP servers and skills quietly widening the attack surface.

Jul 7, 20267 min read
AI Security

LLM Jailbreak Prevention: A Defense-in-Depth Playbook

A jailbreak is not the same thing as a prompt injection, and conflating them leads to defenses that miss. Here is how modern jailbreaks actually work and the layered controls that hold the line.

Jul 3, 20265 min read
AI Security

Prompt Injection Prevention: A Defense-in-Depth Guide

Prompt injection is the top risk on the OWASP list for LLM applications for a reason: there is no single patch. Preventing it means layering controls around a model that cannot reliably tell instructions from data.

Jul 3, 20266 min read
AI Security

AI Agent Tool-Use Security: Locking Down What Agents Can Do

The moment you give an LLM tools, it stops being a chatbot and becomes an actor in your systems. Tool-use security is about making sure a compromised agent hits a wall instead of a credential.

Jul 1, 20266 min read
AI Security

RAG Security Best Practices for 2026

Retrieval-augmented generation wired an untrusted-content pipeline straight into your model's context window. Here are the practices that keep a poisoned document or a leaked chunk from becoming an incident.

Jul 1, 20266 min read
Software Supply Chain Security

Clinejection: prompt injection turns AI coding bot into supply chain attack

A prompt-injected GitHub issue title hijacked Cline's AI triage bot, poisoned its build cache, and pushed a malicious npm release to 4,000 developers.

Jun 30, 20267 min read
prompt-injection (Page 2) — Safeguard Blog