Blog

Security Research

Deep dives into prompt injection techniques, AI agent security, and defensive practices.

May 21, 2026|7 min read

New Research: AI Agents May Always Be Vulnerable to Prompt Injection

A May 2026 arXiv paper argues that prompt injection resistance is fundamentally limited. Here is what the research actually says, and what it means for teams deploying agents now.

prompt injection researchAI agent security 2026prompt injection fundamentalsLLM security research

May 14, 2026|8 min read

Semantic Kernel CVE-2026-25592: When Prompt Injection Becomes Remote Code Execution

Microsoft disclosed two critical vulnerabilities in Semantic Kernel on May 7, 2026. CVE-2026-25592 and CVE-2026-26030 turn ordinary prompt injection into host-level RCE. Here is what happened and what to do.

Semantic Kernel vulnerabilityCVE-2026-25592prompt injection RCEAI agent security

May 11, 2026|8 min read

Best AI Agent Security Testing Tools in 2026: An Honest Comparison

A straightforward comparison of AI security testing tools in 2026. What each one tests, who it is for, and where it falls short. Includes BreakMyAgent, Garak, Lakera Guard, and others.

best AI security tools 2026AI agent security testingprompt injection scannerLLM security tools comparison

May 9, 2026|8 min read

Prompt Injection in 2026: Five Things That Changed in the Last 12 Months

Prompt injection attacks are up 340% in 2026. But the more important story is how the attack and defense landscape has fundamentally shifted. What is different now and why it matters.

prompt injection 2026AI agent security 2026prompt injection attacks increaseLLM security updates

May 6, 2026|9 min read

MCP Server Security: What to Know Before Connecting AI Agents

Model Context Protocol servers give AI agents access to file systems, databases, and APIs. That access needs to be secured. A practical guide to MCP security risks and defenses.

MCP server securitymodel context protocol securityAI agent tools securityMCP prompt injection

May 1, 2026|7 min read

Google Just Caught Indirect Prompt Injection Spreading in the Wild. Here Are the Details.

Google scanned 2-3 billion crawled pages a month and found a 32% rise in malicious prompt injection content between November 2025 and February 2026. Here is what they found, and what it means for any agent that browses the open web.

indirect prompt injectionprompt injection in the wildAI agent web browsingGoogle security research

April 29, 2026|5 min read

Anthropic, Google, and Microsoft Are Now Quietly Paying for Prompt Injection. What Changed?

Three major AI vendors paid bug bounties for prompt injection vulnerabilities in April 2026 without public disclosure. The prompt injection bug bounty era has started. Here is what it means for builders.

AI bug bounty programprompt injection bug bountyAnthropic securityGoogle AI security

April 26, 2026|6 min read

CIS Just Called Prompt Injection a Government-Level Security Risk. Here Is What That Means.

The Center for Internet Security released a report in April 2026 warning that prompt injection attacks are a serious and growing threat to organizations using generative AI. Here is the key takeaway for teams shipping AI products.

CIS prompt injection reportgovernment AI securityGenAI security riskprompt injection enterprise

April 24, 2026|7 min read

Comment and Control: How Three AI Coding Agents Leaked API Keys via One PR

A researcher planted a single malicious PR comment and watched Claude Code, Gemini CLI, and GitHub Copilot all post their own API keys. Here is what happened and what it means for your CI pipeline.

prompt injection CIcomment and control attackClaude Code securityGitHub Actions prompt injection

April 5, 2026|7 min read

Prompt Injection vs Jailbreak: What Is the Difference?

These terms get used interchangeably. They should not be. Understanding the distinction matters for building secure AI systems.

prompt injection vs jailbreakAI security termsjailbreak definitionprompt injection definition

April 2, 2026|9 min read

OWASP LLM Top 10 Explained: What Developers Need to Know

The OWASP LLM Top 10 is the closest thing AI security has to a shared standard. Here is what each risk actually means for developers building agent systems.

OWASP LLM Top 10AI security risksLLM securityprompt injection OWASP

March 31, 2026|6 min read

DeepSeek Security Analysis: What You Need to Know Before Deploying

An honest security assessment of DeepSeek V3.2. At $0.28/M tokens it is tempting, but what are you trading away on security?

DeepSeek securityDeepSeek V3 security analysisDeepSeek vulnerabilitiesDeepSeek prompt injection

March 29, 2026|6 min read

HackerOne Just Made Agentic Prompt Injection Testing Official

HackerOne launched agentic prompt injection testing this week, and a Zenity researcher just called AI agents gullible at RSA. Here is what both mean for developers building production agents.

HackerOne prompt injectionagentic security testingAI agent securityzero-click agent attacks

March 27, 2026|7 min read

Claude vs GPT-5.4: Security Comparison for AI Agents

Head-to-head security analysis of Anthropic Claude Opus 4.6 and OpenAI GPT-5.4. Which model is safer for your AI agent deployment?

Claude vs GPT securityClaude Opus 4.6 vs GPT-5.4Anthropic vs OpenAI securityAI agent security comparison

March 25, 2026|9 min read

How to Secure Your AI Agent: A Practical Checklist

A concrete, actionable security checklist for AI agent deployments. Covers system prompt hardening, input validation, output monitoring, tool security, and incident response.

AI agent securityLLM security checklistsecure AI deploymentprompt injection defense

March 23, 2026|8 min read

Which LLM Is Most Secure? 2026 Model Security Rankings

We scored 21 major LLMs across 5 security categories. Here are the results, the methodology, and what actually matters for your deployment.

LLM security rankingsmost secure LLMAI model security 2026GPT-5.4 security

March 21, 2026|8 min read

10 Prompt Injection Attacks Every AI Developer Should Know

A practical breakdown of the 10 most impactful prompt injection attack techniques, with real payloads and specific mitigations for each.

prompt injection attacksLLM jailbreakAI securityprompt injection examples

March 19, 2026|10 min read

What Is Prompt Injection? The Complete Guide for 2026

A comprehensive technical guide to prompt injection attacks - how they work, why they are dangerous, and how to defend against them in production AI systems.

prompt injectionAI securityLLM securityprompt injection attacks

Ready to test your agent?

Put the theory into practice. Scan your system prompt now.

Scan My Agent

Get new research in your inbox

We publish deep dives on AI security techniques. No fluff, no spam.