<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"><channel><title>AI Sec</title><description>Practitioner-grade analysis of offensive AI security. Prompt injection, model jailbreaks, agent and tool-use exploitation, AI red team techniques, and adversarial ML — distilled from primary sources, not press releases.</description><link>https://aisec.blog/</link><language>en</language>
<item><title>LLM Attack Taxonomy: Prompt Injection, Agent Hijack, and What&apos;s Hitting Production</title><link>https://aisec.blog/posts/llm-attack/</link><guid isPermaLink="true">https://aisec.blog/posts/llm-attack/</guid><description>A practitioner&apos;s map of LLM attack classes — from direct prompt injection and jailbreaks to indirect injection, RAG poisoning, and agent tool-call abuse — organized by OWASP 2025 and MITRE ATLAS.</description><pubDate>Mon, 22 Jun 2026 00:00:00 GMT</pubDate><category>prompt-injection</category><category>jailbreak</category><category>agent-security</category><category>adversarial-ml</category><category>red-team</category><category>llm-security</category><author>AI Sec Editorial</author></item>
<item><title>Prompt Injection Examples: Attack Payloads by Class</title><link>https://aisec.blog/posts/prompt-injection-examples-2/</link><guid isPermaLink="true">https://aisec.blog/posts/prompt-injection-examples-2/</guid><description>Concrete prompt injection examples across five attack classes — direct override, system-prompt leak, indirect RAG poisoning, agent tool-call hijack, and multimodal smuggling — with PoC payloads and defender actions.</description><pubDate>Sun, 21 Jun 2026 00:00:00 GMT</pubDate><category>prompt-injection</category><category>attack-techniques</category><category>llm-security</category><category>red-team</category><category>agent-security</category><category>indirect-injection</category><author>AI Sec Editorial</author></item>
<item><title>LLM Bypass Techniques: Attack Families, PoC Patterns, and Why Guardrails Keep Failing</title><link>https://aisec.blog/posts/llm-bypass-2/</link><guid isPermaLink="true">https://aisec.blog/posts/llm-bypass-2/</guid><description>A practitioner map of LLM bypass technique families — prompt injection, jailbreak personas, encoding obfuscation, RAG poisoning, and agent-specific</description><pubDate>Sat, 13 Jun 2026 00:00:00 GMT</pubDate><category>llm-bypass</category><category>prompt-injection</category><category>jailbreak</category><category>adversarial-ml</category><category>red-team</category><category>agent-security</category><author>AI Sec Editorial</author></item>
<item><title>AI Red Team: Methodology, Tooling, and the Attack Surface That Actually Matters</title><link>https://aisec.blog/posts/ai-red-team/</link><guid isPermaLink="true">https://aisec.blog/posts/ai-red-team/</guid><description>A practitioner&apos;s guide to AI red teaming — what makes LLM attack surface different from traditional app testing, the techniques that reliably produce</description><pubDate>Fri, 05 Jun 2026 00:00:00 GMT</pubDate><category>red-team</category><category>prompt-injection</category><category>jailbreak</category><category>agent-security</category><category>llm-security</category><category>tooling</category><author>AI Sec Editorial</author></item>
<item><title>Prompt Hacking: A Practitioner&apos;s Taxonomy of LLM Attack Classes</title><link>https://aisec.blog/posts/prompt-hacking-2/</link><guid isPermaLink="true">https://aisec.blog/posts/prompt-hacking-2/</guid><description>Prompt hacking covers three distinct attack classes against LLMs: direct injection, indirect injection, and jailbreaking.</description><pubDate>Tue, 02 Jun 2026 00:00:00 GMT</pubDate><category>prompt-injection</category><category>jailbreak</category><category>red-team</category><category>llm-security</category><category>agent-security</category><author>AI Sec Editorial</author></item>
<item><title>The Adversarial ML Attack Taxonomy: A Red Teamer&apos;s Reference</title><link>https://aisec.blog/posts/adversarial-ml-attack-taxonomy-red-team-reference/</link><guid isPermaLink="true">https://aisec.blog/posts/adversarial-ml-attack-taxonomy-red-team-reference/</guid><description>A working taxonomy of attacks against ML systems — evasion, poisoning, privacy, and abuse — mapped to attacker knowledge and capability, grounded in the</description><pubDate>Sat, 23 May 2026 00:00:00 GMT</pubDate><category>adversarial-ml</category><category>red-team</category><category>evasion</category><category>poisoning</category><category>model-extraction</category><category>membership-inference</category><category>taxonomy</category><author>AI Sec Editorial</author></item>
<item><title>AI Red Team Engagement Methodology: Scoping to Reporting</title><link>https://aisec.blog/posts/ai-red-team-engagement-methodology-scoping-to-reporting/</link><guid isPermaLink="true">https://aisec.blog/posts/ai-red-team-engagement-methodology-scoping-to-reporting/</guid><description>The full lifecycle of an LLM red team engagement — scoping and rules of engagement, threat modeling, the test plan by attack class, the tooling that runs</description><pubDate>Sat, 23 May 2026 00:00:00 GMT</pubDate><category>red-team</category><category>methodology</category><category>llm-security</category><category>tooling</category><category>scoping</category><category>reporting</category><category>garak</category><category>pyrit</category><author>AI Sec Editorial</author></item>
<item><title>The Audit Gap: Why Red-Teaming Can&apos;t Certify Governance Claims</title><link>https://aisec.blog/posts/position-behavioural-assurance-cannot-verify-the-safety-clai/</link><guid isPermaLink="true">https://aisec.blog/posts/position-behavioural-assurance-cannot-verify-the-safety-clai/</guid><description>A new position paper by Seth and Sankarapu formalizes the structural mismatch between what AI governance frameworks require evaluators to verify and what</description><pubDate>Sat, 16 May 2026 00:00:00 GMT</pubDate><category>red-team</category><category>adversarial-ml</category><category>agent-security</category><category>governance</category><category>behavioral-evaluation</category><category>interpretability</category><author>AI Sec Editorial</author></item>
<item><title>Prompt Injection in 2025: OpenAI vs. Broken Defenses</title><link>https://aisec.blog/posts/understanding-prompt-injections-a-frontier-security-challeng/</link><guid isPermaLink="true">https://aisec.blog/posts/understanding-prompt-injections-a-frontier-security-challeng/</guid><description>OpenAI&apos;s November 2025 advisory on prompt injection arrived the same week a 14-researcher arXiv paper showed adaptive attacks achieve &gt;90% success against</description><pubDate>Sat, 16 May 2026 00:00:00 GMT</pubDate><category>prompt-injection</category><category>indirect-injection</category><category>agent-security</category><category>llm-security</category><category>red-team</category><author>AI Sec Editorial</author></item>
<item><title>LLM Prompt Injection: From Instruction Override to Agent Takeover</title><link>https://aisec.blog/posts/llm-prompt-injection-2/</link><guid isPermaLink="true">https://aisec.blog/posts/llm-prompt-injection-2/</guid><description>A practitioner&apos;s breakdown of how LLM prompt injection payloads are constructed, why the threat class changes when agents can invoke tools, and what</description><pubDate>Thu, 14 May 2026 00:00:00 GMT</pubDate><category>prompt-injection</category><category>agent-security</category><category>red-team</category><category>payload-construction</category><category>indirect-injection</category><author>AI Sec Editorial</author></item>
<item><title>Prompt Injection Delivery: Real Techniques and Payload Methods</title><link>https://aisec.blog/posts/prompt-injection-attack-2/</link><guid isPermaLink="true">https://aisec.blog/posts/prompt-injection-attack-2/</guid><description>Unit 42 documented 12 prompt injection attacks in production with 22 distinct delivery techniques. Here&apos;s how attackers build payloads that reach the</description><pubDate>Thu, 14 May 2026 00:00:00 GMT</pubDate><category>prompt-injection</category><category>red-team</category><category>attack-techniques</category><category>llm-security</category><category>payload-delivery</category><author>AI Sec Editorial</author></item>
<item><title>LLM Security FAQ: Prompt Injection, Jailbreaking, and Defenses</title><link>https://aisec.blog/posts/faq-llm-security-fundamentals/</link><guid isPermaLink="true">https://aisec.blog/posts/faq-llm-security-fundamentals/</guid><description>Three essential questions for anyone building, securing, or red-teaming LLM applications — covering the distinction between jailbreaks and prompt</description><pubDate>Tue, 12 May 2026 00:00:00 GMT</pubDate><category>faq</category><category>prompt-injection</category><category>jailbreak</category><category>llm-security</category><category>red-team</category><category>defense</category><author>AI Sec Editorial</author></item>
<item><title>Prompt Injection Examples: A Practitioner&apos;s Attack Library</title><link>https://aisec.blog/posts/prompt-injection-examples/</link><guid isPermaLink="true">https://aisec.blog/posts/prompt-injection-examples/</guid><description>A technical breakdown of real prompt injection examples — direct, indirect, multimodal, and RAG-poisoning attacks — with conditions, payloads, and what</description><pubDate>Tue, 12 May 2026 00:00:00 GMT</pubDate><category>prompt-injection</category><category>llm-security</category><category>red-team</category><category>agent-security</category><category>adversarial-ml</category><author>AI Sec Editorial</author></item>
<item><title>Agent Tool-Use Exfiltration: When Indirect Injection Does Damage</title><link>https://aisec.blog/posts/agent-tool-use-exfiltration/</link><guid isPermaLink="true">https://aisec.blog/posts/agent-tool-use-exfiltration/</guid><description>Why agentic LLM systems convert injection bugs into data exfiltration, financial loss, and remote code execution — with concrete attack chains and the</description><pubDate>Mon, 11 May 2026 00:00:00 GMT</pubDate><category>agents</category><category>prompt-injection</category><category>tool-use</category><category>spoke</category><category>llm-security</category><author>AI Sec Editorial</author></item>
<item><title>AI Red Teaming Hub: Your Guide to Offensive AI Security</title><link>https://aisec.blog/posts/ai-red-team-hub/</link><guid isPermaLink="true">https://aisec.blog/posts/ai-red-team-hub/</guid><description>The central resource index for offensive AI security on aisec.blog — prompt injection, jailbreaks, adversarial ML, red team methodology, and tooling</description><pubDate>Mon, 11 May 2026 00:00:00 GMT</pubDate><category>hub</category><category>red-team</category><category>prompt-injection</category><category>jailbreak</category><category>adversarial-ml</category><category>llm-security</category><category>tooling</category><author>AI Sec Editorial</author></item>
<item><title>Direct vs. Indirect Prompt Injection: Threats and Defenses</title><link>https://aisec.blog/posts/direct-vs-indirect-prompt-injection/</link><guid isPermaLink="true">https://aisec.blog/posts/direct-vs-indirect-prompt-injection/</guid><description>Direct and indirect prompt injection are fundamentally different attacks with different attack surfaces, threat actors, and mitigations.</description><pubDate>Mon, 11 May 2026 00:00:00 GMT</pubDate><category>prompt-injection</category><category>indirect-injection</category><category>attack-vectors</category><category>llm-security</category><category>threat-modeling</category><category>application-security</category><author>AI Sec Editorial</author></item>
<item><title>Indirect Prompt Injection in RAG Pipelines: Patterns and Defenses</title><link>https://aisec.blog/posts/indirect-injection-rag-pipelines/</link><guid isPermaLink="true">https://aisec.blog/posts/indirect-injection-rag-pipelines/</guid><description>How retrieval-augmented generation surfaces become injection vectors, with concrete attack patterns from production RAG systems and the chunking</description><pubDate>Mon, 11 May 2026 00:00:00 GMT</pubDate><category>prompt-injection</category><category>rag</category><category>indirect-injection</category><category>spoke</category><category>llm-security</category><author>AI Sec Editorial</author></item>
<item><title>Jailbreak AI: How Attackers Break Safety Alignment and Defenses</title><link>https://aisec.blog/posts/jailbreak-ai/</link><guid isPermaLink="true">https://aisec.blog/posts/jailbreak-ai/</guid><description>A technical guide to jailbreak AI attacks — from manual prompt exploits to automated adversarial suffixes — covering the major technique families</description><pubDate>Mon, 11 May 2026 00:00:00 GMT</pubDate><category>jailbreak</category><category>adversarial-ml</category><category>red-team</category><category>llm-security</category><category>prompt-injection</category><author>AI Sec Editorial</author></item>
<item><title>Jailbreak LLM: Automated Attacks and the Transfer Problem</title><link>https://aisec.blog/posts/jailbreak-llm/</link><guid isPermaLink="true">https://aisec.blog/posts/jailbreak-llm/</guid><description>How automated jailbreak LLM techniques like TAP use attacker LLMs to iteratively crack target models, why success transfers across model families, and</description><pubDate>Mon, 11 May 2026 00:00:00 GMT</pubDate><category>jailbreak</category><category>llm-security</category><category>red-team</category><category>adversarial-ml</category><category>automated-attacks</category><author>AI Sec Editorial</author></item>
<item><title>LLM Bypass: How Attackers Circumvent Safety Alignment by Layer</title><link>https://aisec.blog/posts/llm-bypass/</link><guid isPermaLink="true">https://aisec.blog/posts/llm-bypass/</guid><description>A technical breakdown of LLM bypass techniques — adversarial suffixes, shallow alignment exploits, fine-tuning attacks, and guardrail evasion — with</description><pubDate>Mon, 11 May 2026 00:00:00 GMT</pubDate><category>jailbreak</category><category>llm-security</category><category>red-team</category><category>adversarial-ml</category><category>alignment</category><author>AI Sec Editorial</author></item>
<item><title>LLM Jailbreak: Attack Taxonomy, Techniques, and Defense Reality</title><link>https://aisec.blog/posts/llm-jailbreak/</link><guid isPermaLink="true">https://aisec.blog/posts/llm-jailbreak/</guid><description>A technical breakdown of LLM jailbreak attack classes — many-shot, Crescendo multi-turn escalation, roleplay, and encoding tricks — plus an honest look at</description><pubDate>Mon, 11 May 2026 00:00:00 GMT</pubDate><category>jailbreak</category><category>llm-security</category><category>red-team</category><category>prompt-engineering</category><category>adversarial-ml</category><author>AI Sec Editorial</author></item>
<item><title>LLM Prompt Injection: Taxonomy, Real Patterns, and Defenses</title><link>https://aisec.blog/posts/llm-prompt-injection/</link><guid isPermaLink="true">https://aisec.blog/posts/llm-prompt-injection/</guid><description>A technical breakdown of LLM prompt injection — direct, indirect, and agent-targeting variants — grounded in real-world attack patterns observed in</description><pubDate>Mon, 11 May 2026 00:00:00 GMT</pubDate><category>prompt-injection</category><category>llm-security</category><category>agent-security</category><category>red-team</category><category>indirect-injection</category><author>AI Sec Editorial</author></item>
<item><title>Model Extraction vs. Model Inversion: Two Confidentiality Attacks</title><link>https://aisec.blog/posts/model-extraction-vs-model-inversion/</link><guid isPermaLink="true">https://aisec.blog/posts/model-extraction-vs-model-inversion/</guid><description>Model extraction and model inversion both threaten model confidentiality, but they target different aspects of the model and require different defense</description><pubDate>Mon, 11 May 2026 00:00:00 GMT</pubDate><category>model-extraction</category><category>model-inversion</category><category>model-theft</category><category>membership-inference</category><category>training-data-privacy</category><category>llm-security</category><category>attack-vectors</category><author>AI Sec Editorial</author></item>
<item><title>Prompt Hacking: Taxonomy, Techniques, and What Works on LLMs</title><link>https://aisec.blog/posts/prompt-hacking/</link><guid isPermaLink="true">https://aisec.blog/posts/prompt-hacking/</guid><description>A practitioner&apos;s breakdown of prompt hacking — the three attack families (injection, leaking, jailbreaking), how each works mechanically, and what</description><pubDate>Mon, 11 May 2026 00:00:00 GMT</pubDate><category>prompt-injection</category><category>jailbreak</category><category>red-team</category><category>llm-security</category><category>adversarial-ml</category><author>AI Sec Editorial</author></item>
<item><title>Prompt Injection Attack Compendium (2026 Edition)</title><link>https://aisec.blog/posts/prompt-injection-attack-compendium/</link><guid isPermaLink="true">https://aisec.blog/posts/prompt-injection-attack-compendium/</guid><description>A practitioner&apos;s pillar reference on prompt injection attacks against LLM systems — direct and indirect variants, real-world payloads, detection signals</description><pubDate>Mon, 11 May 2026 00:00:00 GMT</pubDate><category>prompt-injection</category><category>llm-security</category><category>ai-red-team</category><category>pillar</category><category>owasp-llm01</category><author>AI Sec Editorial</author></item>
<item><title>Prompt Injection Attack: Techniques, Variants, and Defenses</title><link>https://aisec.blog/posts/prompt-injection-attack/</link><guid isPermaLink="true">https://aisec.blog/posts/prompt-injection-attack/</guid><description>A practitioner&apos;s breakdown of prompt injection attacks — direct, indirect, and multi-modal — covering the HouYi framework, real CVEs, and mitigations that</description><pubDate>Mon, 11 May 2026 00:00:00 GMT</pubDate><category>prompt-injection</category><category>red-team</category><category>llm-security</category><category>agent-security</category><category>adversarial-ml</category><author>AI Sec Editorial</author></item>
<item><title>Prompt Injection Detection Signals in Production LLM Systems</title><link>https://aisec.blog/posts/prompt-injection-detection-signals/</link><guid isPermaLink="true">https://aisec.blog/posts/prompt-injection-detection-signals/</guid><description>The observable signals that indicate a prompt injection attempt or success in a live LLM application — input classifiers, output classifiers, canary</description><pubDate>Mon, 11 May 2026 00:00:00 GMT</pubDate><category>prompt-injection</category><category>detection</category><category>llm-monitoring</category><category>spoke</category><category>llm-security</category><author>AI Sec Editorial</author></item>
<item><title>GPT-4 Jailbreak Techniques: A Red Teamer&apos;s Technical Reference</title><link>https://aisec.blog/posts/gpt4-jailbreak/</link><guid isPermaLink="true">https://aisec.blog/posts/gpt4-jailbreak/</guid><description>Three active attack classes — IRIS self-refinement, Crescendo multi-turn escalation, and classic prompt-engineering patterns — consistently breach GPT-4</description><pubDate>Sun, 10 May 2026 00:00:00 GMT</pubDate><category>jailbreak</category><category>gpt-4</category><category>prompt-engineering</category><category>red-team</category><category>llm-security</category><author>AI Sec Editorial</author></item>
<item><title>LLM Security: A Practitioner&apos;s Map of the Attack Surface</title><link>https://aisec.blog/posts/llm-security/</link><guid isPermaLink="true">https://aisec.blog/posts/llm-security/</guid><description>What LLM security actually means in 2026 — the attack classes red teamers test, the controls that hold up under fire, and the frameworks that map the territory.</description><pubDate>Sat, 09 May 2026 00:00:00 GMT</pubDate><category>llm-security</category><category>prompt-injection</category><category>red-team</category><category>owasp</category><category>agent-security</category><author>AI Sec Editorial</author></item>
<item><title>Why Your Prompt Injection Guardrails Fail: Bypass Classes</title><link>https://aisec.blog/posts/prompt-injection-bypass-classes/</link><guid isPermaLink="true">https://aisec.blog/posts/prompt-injection-bypass-classes/</guid><description>Vendor &apos;AI guardrails&apos; detect 80% of textbook payloads and 30% of real ones. Here&apos;s how attackers actually bypass them — and what your detection layer is</description><pubDate>Thu, 07 May 2026 00:00:00 GMT</pubDate><category>prompt-injection</category><category>red-team</category><category>guardrails</category><category>llm-security</category><category>bypass-techniques</category><author>AI Sec Editorial</author></item>
<item><title>AI Jailbreak: How LLM Safety Bypasses Actually Work</title><link>https://aisec.blog/posts/ai-jailbreak/</link><guid isPermaLink="true">https://aisec.blog/posts/ai-jailbreak/</guid><description>An AI jailbreak is any input that makes an aligned language model violate its own safety policy. We walk through the technique families that actually</description><pubDate>Wed, 06 May 2026 00:00:00 GMT</pubDate><category>jailbreak</category><category>prompt-injection</category><category>llm-security</category><category>red-team</category><category>adversarial-ml</category><author>AI Sec Editorial</author></item>
<item><title>ChatGPT Jailbreak Prompt Taxonomy: Classes, Rates, and Defenses</title><link>https://aisec.blog/posts/chatgpt-jailbreak-prompt/</link><guid isPermaLink="true">https://aisec.blog/posts/chatgpt-jailbreak-prompt/</guid><description>A research-grounded breakdown of ChatGPT jailbreak prompt categories — DAN, privilege escalation, persona injection, and multi-turn escalation — plus what</description><pubDate>Tue, 05 May 2026 00:00:00 GMT</pubDate><category>jailbreak</category><category>prompt-injection</category><category>red-team</category><category>chatgpt</category><category>llm-security</category><category>adversarial-ml</category><author>AI Sec Editorial</author></item>
<item><title>OSCP and CEH in 2026: What Carries Over to AI Red Teaming</title><link>https://aisec.blog/posts/anyone-wanna-learn-the-ceh-or-oscp-red-teaming-free/</link><guid isPermaLink="true">https://aisec.blog/posts/anyone-wanna-learn-the-ceh-or-oscp-red-teaming-free/</guid><description>A Reddit offer to teach OSCP and CEH fundamentals for free surfaces a question every traditional pentester should answer: which of those skills transfer</description><pubDate>Sun, 03 May 2026 00:00:00 GMT</pubDate><category>red-team</category><category>oscp</category><category>ceh</category><category>tooling</category><category>prompt-injection</category><category>adversarial-ml</category><author>AI Sec Editorial</author></item>
<item><title>FlashRT Cuts the GPU Bill on Long-Context Injection Attacks</title><link>https://aisec.blog/posts/flashrt-towards-computationally-and-memory-efficient-red-tea/</link><guid isPermaLink="true">https://aisec.blog/posts/flashrt-towards-computationally-and-memory-efficient-red-tea/</guid><description>A new optimization-based red-teaming framework claims 2–7x speedup and 2–4x lower memory than nanoGCG against 32K-context LLMs, putting GCG-class attacks</description><pubDate>Sun, 03 May 2026 00:00:00 GMT</pubDate><category>prompt-injection</category><category>red-team</category><category>gcg</category><category>long-context</category><category>knowledge-corruption</category><category>rag</category><author>AI Sec Editorial</author></item>
</channel></rss>