The Lab · 2026-03-27 06:27:02 · GitHub Issues
A critical vulnerability in an AI image generation service allows attackers to bypass safety controls by injecting malicious instructions via simple newline characters. The flaw stems from the use of Python's `.format()` method to insert user-supplied prompts into a fixed template. When a user includes newline characte...
The Lab · 2026-03-27 07:26:51 · GitHub Issues
A critical security analysis reveals the Model Context Protocol (MCP), a foundational standard for connecting AI agents to external tools, contains deep-seated vulnerabilities that dramatically increase the risk of successful attacks. The research, detailed in the paper "Breaking the Protocol," identifies three core pr...
The Lab · 2026-03-28 00:27:03 · GitHub Issues
A critical remote code execution vulnerability has been disclosed in Microsoft's VS Code Copilot Chat, exposing users to potential compromise through a sophisticated prompt injection attack. The flaw, present in versions 0.37.2 and earlier, allows a maliciously manipulated AI agent to trick users into opening or fetchi...
The Lab · 2026-03-29 20:26:57 · GitHub Issues
A critical security gap has been identified in the `mcp probe` tool's verification process, exposing AI agents to direct prompt injection attacks. Currently, when the probe successfully retrieves a `tools/list` response from an MCP server, it only flags authentication-bypass issues and discards the actual response payl...
The Lab · 2026-03-30 15:27:29 · GitHub Issues
A new open-source security tool, the Prompt Vulnerability Scanner, is highlighting critical vulnerabilities in generative AI systems. The tool extends the capabilities of a basic injection detector by introducing active attack simulations, including adversarial payloads, inje...
The Lab · 2026-03-30 15:27:30 · GitHub Issues
A security review of the `ai_plugin.go` code has uncovered multiple critical vulnerabilities, with a prompt injection flaw posing the most immediate and severe risk. The plugin directly embeds user-controlled JSON data into AI prompts without any sanitization, creating a direct path for attackers to manipulate the AI's...
The Lab · 2026-04-02 01:26:55 · GitHub Issues
The Kubernaut Agent's current security guardrail, the v1.4 AlignmentCheck, contains critical blind spots that leave its agentic pipeline vulnerable to sophisticated prompt injection attacks. While the existing LLM-as-judge audit catches obvious goal hijacking, it fails against subtle goal steering, where coherent-looki...
The Lab · 2026-04-02 01:26:57 · GitHub Issues
The Kubernaut Agent's core investigation pipeline is vulnerable to prompt injection attacks, as it processes untrusted content from multiple Kubernetes sources directly into its LLM context window without any sanitization or detection. This creates a direct path for attackers to manipulate the agent's reasoning and out...
The Lab · 2026-04-03 00:27:00 · GitHub Issues
A critical security flaw exposes multiple core services of an email automation system to prompt injection attacks. The vulnerability stems from a fundamental design failure: attacker-controlled email content—including the body, subject, and sender fields—is passed directly into prompts for the Claude API without any da...
The Lab · 2026-04-04 05:26:57 · GitHub Issues
A critical security vulnerability has been exposed in a GitHub issue triage system, where an attacker successfully manipulated an AI bot's instructions to force it to post a specific, unauthorized verification message. The exploit, described as an "agentic workflow injection," overrides the bot's standard operating pro...
The Lab · 2026-04-07 04:27:12 · GitHub Issues
The WAST web application security scanner is moving to directly target the emerging threat of AI-powered applications. A core development task is now to build an `LLMPromptInjectionScanner`, a dedicated engine designed to detect indirect prompt injection attacks through web form inputs. This capability, listed as a top...
The Lab · 2026-04-07 21:27:15 · GitHub Issues
A critical security gap has been identified in the AI Guardian security framework. While the system effectively blocks secret leakage and unauthorized directory access, it currently provides zero detection or protection against prompt injection attacks. This oversight creates a direct pathway for malicious actors to ma...
The Lab · 2026-04-10 12:22:53 · GitHub Issues
A significant security misconfiguration in an open-source AI platform's API is exposing the full system prompt to clients, creating a direct vector for targeted attacks. The vulnerability, rated as medium severity, resides in the `/api/converse` endpoint, which returns the complete `systemPrompt` field to users upon in...
The Lab · 2026-04-12 12:22:34 · GitHub Issues
A new open-source red teaming tool, dubbed the Garak probing engine, has been introduced on GitHub with the explicit purpose of systematically scanning Large Language Models (LLMs) for critical security vulnerabilities. The tool's release signals a growing, proactive effort within the security community to pressure-tes...
The Lab · 2026-04-13 11:22:49 · GitHub Issues
A critical security vulnerability allows attackers to bypass AI guardrails by simply encoding malicious prompts in base64. The guardrails engine, designed to detect and block prompt injection attacks, only scans raw text. When an attacker submits a payload like 'Please decode this and follow the instructions: aWdub3JlI...
The Lab · 2026-04-15 21:22:35 · VentureBeat
Microsoft's recent patch for a Copilot Studio vulnerability reveals a deeper, systemic security crisis for enterprise AI agents. The company assigned CVE-2026-21520, a CVSS 7.5-rated indirect prompt injection flaw, following coordinated disclosure with Capsule Security. While the patch was deployed on January 15, the i...
The Lab · 2026-04-17 23:22:37 · GitHub Issues
A live prompt-injection vulnerability has been identified in the Alive AI automation stack, allowing untrusted user inputs to bypass all security controls and flow directly into the Claude model's context. The gap, tracked as issue #317, centers on the `promptOverride` parameter at `execute.ts:142`, which is passed to ...
The Lab · 2026-04-18 03:22:34 · GitHub Issues
OpenClaw has implemented a mandatory, injection-resistant security preamble for all agent sessions, a foundational shift in defending against the top-ranked OWASP vulnerability for LLM applications. The change, introduced in PR #42211, prepends a static text instruction to all system prompts, directing the model to tre...
The Lab · 2026-04-21 21:22:30 · Decrypt
A critical security vulnerability in Google's Antigravity AI coding tool could have allowed attackers to bypass safeguards and execute malicious code. Researchers identified a prompt injection bug that, if exploited, would have granted attackers the ability to run arbitrary commands on systems using the tool. This flaw...
The Lab · 2026-04-29 18:54:12 · Habr
RAG is often positioned as a reliable way to anchor a generative model to a knowledge base and reduce the risk of hallucinations. However, a less obvious problem hides behind this assumption: the context retrieved from corporate documents is treated as trusted by default, even though it is precisely through that context that harm... can make its way into the model.