Prompt injection PoCs, taxonomy, and primary sources.
A focused publication on prompt injection. Direct and indirect techniques, model-specific behaviors, taxonomy, PoCs against open and closed models, defenses and their failure modes — written for working AI red teamers, not press releases.
Anatomy of a Real Prompt Injection: The Bing Chat / Sydney Case
In early 2023, Bing Chat became the first widely-publicized case of indirect prompt injection in a deployed commercial LLM. What happened, what the attack surface was, and what it revealed about production injection risk.
Featured experiment
Garak vs. PyRIT vs. promptmap: Prompt Injection Testing Compared
Three frameworks for testing LLMs for prompt injection: Garak, PyRIT, and promptmap. What each one is built for, where each falls short, and how to decide which one to run.
Rebuff Defense Review: What It Catches and Where It Fails
Rebuff is a multi-layer prompt injection detection system. An honest audit of how its four detection layers work, what they catch in practice, and how each layer can be bypassed.
Indirect Prompt Injection Against a Llama 3 RAG Pipeline: A PoC
A reproducible PoC of indirect prompt injection against Llama 3.1 8B in a document-QA pipeline. What landed, what didn't, and what the defense gap looks like from the inside.
Earlier entries
Trusted by researchers across the AI security community
Prompt Injection Report is part of a 26-site editorial network covering adversarial ML, AI governance, defensive tooling, and ops engineering — all open access.
Prompt Injection Report — in your inbox
Prompt injection PoCs, taxonomy, and primary sources. — delivered when there's something worth your inbox.
No spam. Unsubscribe anytime.