Reading up on prompt-injection
8 deep · digging since dec 03, 25
- Designing AI agents to resist prompt injection
OpenAI argues that defending against prompt injection in AI agents requires treating attacks as social engineering and designing systems to constrain impact rather than just filtering inputs.
- Security boundaries in agentic architectures - Vercel
Vercel recommends separating agent harness from generated code execution in isolated sandboxes with secret injection to prevent prompt injection and credential theft in agentic architectures.
- HackMyClaw | Hacker News
A prompt injection challenge testing whether an AI email assistant (Fiu) could be tricked into leaking secrets ended with no successful breaches.
- Keeping your data safe when an AI agent clicks a link
OpenAI prevents URL-based data exfiltration by only allowing AI agents to auto-fetch URLs that were independently observed in a public web index.
- Claude Cowork exfiltrates files
Researchers demonstrate file exfiltration from Claude Cowork via prompt injection, exploiting an acknowledged but unremediated vulnerability.
- Notion AI: Unpatched data exfiltration
Notion AI allowed data exfiltration via indirect prompt injection in March 2025, where edits were saved before user approval, enabling attackers to steal sensitive document contents.
- AI will compromise your cybersecurity posture
AI systems compromise cybersecurity not through spectacular exploits but via rushed integration, prompt injection, data leaks, and broken access controls in complex LLM-based tools.
- BrowseSafe: Understanding and Preventing Prompt Injection Within AI Browser Agents
Perplexity AI introduces BrowseSafe, a defense architecture, benchmark, and detection model for securing browser agents from prompt injection attacks.