prompt-injection – Page 6 – Experimental News Clipping Site

Google Online Security Blog: Mitigating prompt injection attacks with a layered defense strategy

Jun 13, 2025

—

by

Source URL: http://security.googleblog.com/2025/06/mitigating-prompt-injection-attacks.html Source: Google Online Security Blog Title: Mitigating prompt injection attacks with a layered defense strategy Feedly Summary: AI Summary and Description: Yes **Summary:** The text discusses emerging security threats associated with generative AI, particularly focusing on indirect prompt injections that manipulate AI systems through hidden malicious instructions. Google outlines its layered security…

Simon Willison’s Weblog: Design Patterns for Securing LLM Agents against Prompt Injections

Jun 13, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Jun/13/prompt-injection-design-patterns/#atom-everything Source: Simon Willison’s Weblog Title: Design Patterns for Securing LLM Agents against Prompt Injections Feedly Summary: This a new paper by 11 authors from organizations including IBM, Invariant Labs, ETH Zurich, Google and Microsoft is an excellent addition to the literature on prompt injection and LLM security. In this work, we describe…

Simon Willison’s Weblog: Breaking down ‘EchoLeak’, the First Zero-Click AI Vulnerability Enabling Data Exfiltration from Microsoft 365 Copilot

Jun 11, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Jun/11/echoleak/ Source: Simon Willison’s Weblog Title: Breaking down ‘EchoLeak’, the First Zero-Click AI Vulnerability Enabling Data Exfiltration from Microsoft 365 Copilot Feedly Summary: Breaking down ‘EchoLeak’, the First Zero-Click AI Vulnerability Enabling Data Exfiltration from Microsoft 365 Copilot Aim Labs reported CVE-2025-32711 against Microsoft 365 Copilot back in January, and the fix is…

Simon Willison’s Weblog: Codex agent internet access

Jun 3, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Jun/3/codex-agent-internet-access/ Source: Simon Willison’s Weblog Title: Codex agent internet access Feedly Summary: Codex agent internet access Sam Altman, just now: codex gets access to the internet today! it is off by default and there are complex tradeoffs; people should read about the risks carefully and use when it makes sense. This is the…

Simon Willison’s Weblog: GitHub MCP Exploited: Accessing private repositories via MCP

May 27, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/May/26/github-mcp-exploited/#atom-everything Source: Simon Willison’s Weblog Title: GitHub MCP Exploited: Accessing private repositories via MCP Feedly Summary: GitHub MCP Exploited: Accessing private repositories via MCP GitHub’s official MCP server grants LLMs a whole host of new abilities, including being able to read and issues in repositories the user has access to and submit new…

Simon Willison’s Weblog: System Card: Claude Opus 4 & Claude Sonnet 4

May 25, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/May/25/claude-4-system-card/#atom-everything Source: Simon Willison’s Weblog Title: System Card: Claude Opus 4 & Claude Sonnet 4 Feedly Summary: System Card: Claude Opus 4 & Claude Sonnet 4 Direct link to a PDF on Anthropic’s CDN because they don’t appear to have a landing page anywhere for this document. Anthropic’s system cards are always worth…

Simon Willison’s Weblog: Remote Prompt Injection in GitLab Duo Leads to Source Code Theft

May 23, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/May/23/remote-prompt-injection-in-gitlab-duo/ Source: Simon Willison’s Weblog Title: Remote Prompt Injection in GitLab Duo Leads to Source Code Theft Feedly Summary: Remote Prompt Injection in GitLab Duo Leads to Source Code Theft Yet another example of the classic Markdown image exfiltration attack, this time affecting GitLab Duo – GitLab’s chatbot. Omer Mayraz reports on how…

Simon Willison’s Weblog: Building software on top of Large Language Models

May 15, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/May/15/building-on-llms/#atom-everything Source: Simon Willison’s Weblog Title: Building software on top of Large Language Models Feedly Summary: I presented a three hour workshop at PyCon US yesterday titled Building software on top of Large Language Models. The goal of the workshop was to give participants everything they needed to get started writing code that…

Embrace The Red: Model Context Protocol – New Sneaky Exploit, Risks and Mitigations

May 2, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/model-context-protocol-security-risks-and-exploits/ Source: Embrace The Red Title: Model Context Protocol – New Sneaky Exploit, Risks and Mitigations Feedly Summary: The Model Context Protocol (MCP) is a protocol definition for how LLM apps/agents can leverage external tools. I have been calling it Model Control Protocol at times, because due to prompt injection, MCP tool servers…

Simon Willison’s Weblog: A comparison of ChatGPT/GPT-4o’s previous and current system prompts

Apr 29, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Apr/29/chatgpt-sycophancy-prompt/ Source: Simon Willison’s Weblog Title: A comparison of ChatGPT/GPT-4o’s previous and current system prompts Feedly Summary: A comparison of ChatGPT/GPT-4o’s previous and current system prompts GPT-4o’s recent update caused it to be way too sycophantic and disingenuously praise anything the user said. OpenAI’s Aidan McLaughlin: last night we rolled out our first…

Tag: prompt-injection