AI Security
Prompt Injection in RAG: Indirect Attacks
A senior engineer's breakdown of indirect prompt injection in RAG pipelines, how real attacks land through retrieved content, and what actually reduces exposure.
Apr 5, 20267 min read
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
A senior engineer's breakdown of indirect prompt injection in RAG pipelines, how real attacks land through retrieved content, and what actually reduces exposure.
Fine-tuning inherits every problem of the base model and adds dataset provenance as a new one. Here is how detection actually works in practice.
Multi-agent systems inherit every trust problem of single-agent systems and add a few more. Here is how the threat model actually shifts.
LLM-generated Dockerfiles repeat the same six or seven mistakes. Here is the pattern catalog and how to catch them before they ship.
Slopsquatting is the practice of registering package names that LLMs hallucinate, turning AI coding assistants into an accidental distribution channel.
Copilot's code review is useful. It is also not a security review, and treating it as one is how vulnerabilities ship. Here is what it actually catches.
RAG pipelines have six or seven supply chain surfaces, and most teams are only watching one. Here is how the attacks actually look in production.
If your agent can execute code, something it reads from the internet can execute code. Pick your sandbox before the agent picks one for you.
Prompt injection stopped being an LLM curiosity the moment agents started committing code. It is now a software supply chain risk and should be modeled as one.
Weekly insights on software supply chain security, delivered to your inbox.