Ideas, Observations & Stories in Cybersecurity
Introduction If you’ve been reading this series, you’ve heard both terms. They get used interchangeably in the press, in vendor marketing, and honestly, in a lot of engineering slack channels. But jailbreaking and prompt injection are not the same thing — and conflating them leads to defenses that protect against one while leaving you completely…
Introduction If you’ve followed this series from the beginning, you’ve seen the full attack landscape: direct prompt injection, indirect injection through RAG pipelines, and multi-agent cascades where a single poisoned document can ripple across an entire agent network. Each post ended with defenses specific to that attack. But defenses in isolation don’t make a security…
Introduction In the previous post, we covered indirect prompt injection — where an attacker embeds malicious instructions inside documents your RAG pipeline retrieves. By itself, that’s already a serious problem. But what happens when your system isn’t a single AI assistant? What happens when it’s a network of autonomous agents — each specializing in a…
Introduction If you’ve been following this series, you already know what prompt injection is and why it’s dangerous. But direct prompt injection — where a user manipulates the model through the chat interface — is only the tip of the iceberg. Indirect prompt injection is where things get really scary for enterprise applications. And nowhere…
If you’ve been in application security for any amount of time, you’ve seen this pattern before. A new technology arrives. Developers adopt it fast. Security teams scramble to catch up. And in the gap between adoption and understanding, attackers find a comfortable home. We saw it with cloud misconfigurations. We saw it with GraphQL. We’re…
