prompt-injection
Safeguard articles tagged "prompt-injection" — guides, analysis, and best practices for software supply chain and application security.
127 articles
Explaining Model Context Protocol and its expanding attac...
MCP security is now urgent: MCP servers grew from 700 to 16,000+ in a year, and most are unaudited. Here is the threat model and how Safeguard secures it.
How tool poisoning attacks compromise MCP tool descriptions
A single poisoned tool description can turn a trusted MCP server into a silent data-exfiltration channel. Here's how these attacks work — and how to stop them.
Explaining prompt injection attacks and why they're hard ...
Prompt injection attacks trick AI models into obeying attacker instructions hidden in data or user input, and there's still no complete fix.
How indirect prompt injection hides malicious instruction...
How attackers hide malicious instructions inside webpages, documents, and retrieved content to hijack AI systems — and why RAG pipelines are especially exposed.
Comparing LLM firewall and guardrail products for enterpr...
A vendor-by-vendor comparison of LLM firewall and AI guardrail platform options for enterprise deployment, with real strengths and limitations for each.
Prompt Injection Detection in Retrieval Systems
Indirect prompt injection arrives through your retrieval corpus, not your chat box. We cover the detection strategies that survive when attackers write your RAG content.
Prompt injection vulnerabilities in LLM applications explained
Prompt injection is OWASP's #1 LLM risk. See real CVEs like Vanna.AI's RCE flaw and how to detect and stop it.
Human-Agent Trust Exploitation in AI Systems
Attackers are exploiting the trust between humans and AI agents — hidden prompt injections, hallucinated packages, and over-trusted autonomy are now supply chain risks.
Insecure Inter-Agent Communication in Multi-Agent Systems
Multi-agent AI pipelines pass untrusted content between agents with no authentication or integrity checks. Here's how insecure inter-agent communication opens the door to injection attacks.
Memory and Context Poisoning Attacks Against AI Agents
How attackers poisoned ChatGPT's memory and RAG pipelines to hijack AI agents long-term, and the controls Safeguard uses to catch it before it spreads.
Agentic Unexpected Code Execution Vulnerabilities
How AI agents with code-execution tools get hijacked by prompt injection—from the Vanna.ai RCE (CVE-2024-5565) to LangChain and MCP—and what to do about it.
Agent Tool Misuse and Exploitation
Attackers don't need to hack AI agents — they just redirect their own tools. Here's how tool misuse works, real 2025 incidents, and how to stop it.