Safeguard
Tag

prompt-injection

Safeguard articles tagged "prompt-injection" — guides, analysis, and best practices for software supply chain and application security.

127 articles

AI Security

Agent Goal Hijacking: Redirecting Autonomous AI Objectives

Attackers are hijacking autonomous AI agents by planting instructions in content they read—no exploit needed. Here's how it works, real 2025 incidents, and defenses.

Nov 16, 20258 min read
AI Security

LLM System Prompt Leakage

System prompts often hide business logic and secrets. Here's how attackers extract them, real 2023-2024 incidents, and how to stop leaks before they reach production.

Nov 15, 20257 min read
AI Security

Insecure Output Handling in LLM-Integrated Applications

LLM output that reaches a browser, database, or shell unvalidated can trigger XSS, SQL injection, or RCE. Here's how insecure output handling breaks AI apps.

Nov 13, 20258 min read
AI Security

LLM Insecure Plugin Design Vulnerabilities

ChatGPT plugins, LangChain agents, and MCP servers have all shipped insecure plugin flaws exposing accounts and data. Here's how Safeguard defends against them.

Nov 13, 20258 min read
AI Security

LLM Denial of Service Attack Techniques

LLM denial of service attacks exploit sponge prompts, unbounded generation, and denial-of-wallet loops to cripple AI systems without a single exploit.

Nov 13, 20257 min read
AI Security

Excessive Agency in LLM-Powered Applications

Excessive agency turns a bad LLM output into an executed action. From Replit's July 2025 database deletion to Air Canada's chatbot ruling, here's what it is and how to scope it down.

Nov 12, 20258 min read
AI Security

Prompt Injection Attack Techniques and Defenses

Prompt injection is now OWASP's #1 LLM risk, and real incidents like EchoLeak and Slack AI prove it can mean zero-click data exfiltration. Here's how it works and what stops it.

Nov 12, 20257 min read
AI Security

CometJacking and the AI Browser Agent Threat Model

LayerX's October 2025 CometJacking attack siphoned Gmail and Calendar via one Perplexity Comet click. The browser-as-agent design is the new blast radius.

Oct 30, 20257 min read
AI Security

RAG Poisoning: Defenses That Work

Retrieval-augmented generation is the most common LLM deployment pattern in the enterprise and the most commonly poisoned. A senior security engineer's playbook for defences that hold up in production.

Oct 20, 20257 min read
AI Security

AI Agent Memory: Security Risks

Persistent memory makes AI agents more useful and more dangerous. A security engineer's walkthrough of how agent memory gets poisoned, exfiltrated, and weaponised, with concrete 2025 examples.

Sep 15, 20257 min read
Industry Analysis

How Snyk AI-BOM identifies prompt files and prompt-inject...

How Snyk's AI-BOM tooling discovers prompt files, SKILL.md packages, and MCP tool chains, and the detection engine it uses to flag prompt-injection risk.

Aug 19, 20256 min read
AI Security

The Prompt Injection Problem Hiding Inside Everyday Code ...

AI coding assistants read untrusted files as instructions, not data. Here's how prompt injection sneaks malicious code into your commits — and how to catch it before it ships.

Aug 8, 20257 min read
prompt-injection (Page 9) — Safeguard Blog