Insecure output handling in LLM applications
LLM output is untrusted data. This article covers insecure output handling, the injection risks it enables, and where it sits in OWASP LLM05 and Google SAIF.
LLM output is untrusted data. This article covers insecure output handling, the injection risks it enables, and where it sits in OWASP LLM05 and Google SAIF.
No single mitigation eliminates prompt injection. Covers prompt engineering, filtering, fine-tuning, adversarial training, and guardrail models.
Garak is an open-source LLM vulnerability scanner that automates adversarial testing for prompt injection, jailbreaks, and encoding bypasses. Full walkthrough.
LLM jailbreaking bypasses safety alignment to force models into generating restricted content. Covers DAN, roleplay, token smuggling, and adversarial suffixes.
Indirect prompt injection embeds payloads in external data that LLMs process. Covers data poisoning, web content injection, email vectors, and concealment.
Direct prompt injection targets LLMs through the user input channel. Covers system prompt extraction strategies and behaviour manipulation techniques.
LLM reconnaissance maps the attack surface of AI applications before testing. Covers model identification, architecture probing, and LLMmap fingerprinting.
Prompt injection exploits the lack of boundary between system and user prompts in LLMs. Covers multi-turn context, multimodal vectors, and architectural causes.
OWASP ML Security Top 10 maps the attack surface of machine learning systems. Here is what each risk means for red teamers and defenders.
Learn SQL injection techniques including authentication bypass, union-based attacks, and database enumeration. Complete guide with examples for developers.