All posts
-
Anatomy of a Real Prompt Injection: The Bing Chat / Sydney Case
In early 2023, Bing Chat became the first widely publicized case of indirect prompt injection in a deployed commercial LLM. What happened, what the attack surface was, and what it revealed about production injection risk.
-
Garak vs. PyRIT vs. promptmap: Prompt Injection Testing Compared
Three frameworks for testing LLMs for prompt injection: Garak, PyRIT, and promptmap. What each one is built for, where each falls short, and how to decide which one to run.
-
Rebuff Defense Review: What It Catches and Where It Fails
Rebuff is a multi-layer prompt injection detection system. An honest audit of how its four detection layers work, what they catch in practice, and how each layer can be bypassed.
-
Indirect Prompt Injection Against a Llama 3 RAG Pipeline: A PoC
A reproducible PoC of indirect prompt injection against Llama 3.1 8B in a document-QA pipeline. What landed, what didn't, and what the defense gap looks like from the inside.
-
A Working Taxonomy of Prompt Injection Attack Types
Direct, indirect, multi-modal, and agentic prompt injection are distinct attack classes with different trust boundaries, attacker access requirements, and defenses. A practitioner's map.
-
Prompt Injection vs. Jailbreaking: Two Conflated Attack Classes
Prompt injection and jailbreaking both use natural language to subvert LLM behavior, but the attacker, the trust boundary that breaks, and the defenses that work are different. A comparison for security engineers.
-
Prompt Injection as Regulatory Failure: Deployer Liability
Prompt injection has been a security problem since 2022. As of 2026, it's also a compliance problem. Where the regulatory liability actually attaches, and what deployers should document.
-
What this site is for
Prompt Injection Report covers offensive AI security from a working practitioner's perspective. Here's what we publish.