prompt-injection
Safeguard articles tagged "prompt-injection" — guides, analysis, and best practices for software supply chain and application security.
127 articles
What is LLM Security
LLM security protects model weights, prompts, outputs, and the AI supply chain from injection, leakage, and compromise—here's what it covers and how to defend it.
What is Prompt Injection
Prompt injection is OWASP's #1 LLM risk. Learn how it works, real CVEs like EchoLeak, and how to detect and defend against it.
Direct vs Indirect Prompt Injection
Direct and indirect prompt injection are different attack vectors with different blast radii. Real 2025 CVEs like EchoLeak show why the distinction matters.
What is LLM Jailbreaking
LLM jailbreaking bypasses AI safety guardrails through techniques like DAN prompts, Crescendo, and Skeleton Key — here's how it works and how to defend against it.
RAG Poisoning In The Wild: Trend Watch
Retrieval-augmented generation was the 2024 success story. 2026 is when RAG poisoning moved from research to production incidents.
What is Model Context Protocol (MCP) Security
MCP security explained: how tool poisoning, rug pulls, and 2025's critical CVEs (mcp-remote, MCP Inspector) put AI agents at risk—and how to defend against them.
What is AI Agent Security
AI agent security explained: how autonomous AI agents get attacked through prompt injection, tool poisoning, and exposed MCP servers, and how to stop it.
What is Insecure Output Handling in LLMs
Insecure output handling lets LLM-generated text execute code, alter queries, or render unsanitized HTML — a real, exploitable OWASP LLM05:2025 risk.
What is Sensitive Information Disclosure in LLMs
LLM sensitive information disclosure leaks training data, prompts, and secrets through model outputs. Real incidents, causes, and defenses explained.
What is RAG (Retrieval-Augmented Generation) Security
RAG pipelines blend retrieved data with model instructions, creating prompt injection, poisoning, and embedding-leak risks traditional AppSec tools miss.
The OWASP Top 10 for Large Language Model Applications: A Field Guide
A working breakdown of the OWASP Top 10 for Large Language Model Applications — what each risk actually looks like in production and how teams are testing for it.
Prompt Injection Defense Architectures in 2026
Prompt injection remains the LLM01 entry on the OWASP LLM Top 10 for a reason. A pragmatic look at the defense architectures that hold up in production this year.