Prompt injection articles

3/18/2026 • EN

Snowflake Cortex AI Escapes Sandbox and Executes Malware

Report on a prompt injection attack in Snowflake's Cortex AI agent that allowed malware execution, now fixed.

ai security Malware Execution prompt injection Sandbox Escape Snowflake Cortex

Simon Willison

3/18/2026 • EN

Snowflake Cortex AI Escapes Sandbox and Executes Malware

Report on a prompt injection attack that allowed Snowflake's Cortex AI agent to escape its sandbox and execute malware.

ai security Command Injection Malware Execution prompt injection Sandbox Escape

Simon Willison

3/6/2026 • EN

Clinejection — Compromising Cline's Production Releases just by Prompting an Issue Triager

A detailed analysis of a prompt injection attack against Cline's GitHub repo, leading to cache poisoning and a compromised NPM release.

Cache Poisoning ci/cd Github Actions prompt injection Security Vulnerability

Simon Willison

3/6/2026 • EN

Clinejection — Compromising Cline's Production Releases just by Prompting an Issue Triager

A detailed analysis of a prompt injection attack against Cline's GitHub repo, exploiting AI issue triage to poison caches and compromise production releases.

Cache Poisoning Github Actions prompt injection Security Vulnerability Workflow Secrets

Simon Willison

1/14/2026 • EN

Claude Cowork Exfiltrates Files

Security researchers found a vulnerability in Claude Cowork allowing data exfiltration via the Anthropic API, bypassing default HTTP restrictions.

Anthropic API API Security Data Exfiltration prompt injection Security Vulnerability

Simon Willison

1/14/2026 • EN

Claude Cowork Exfiltrates Files

A security vulnerability in Claude Cowork allowed file exfiltration via the Anthropic API, bypassing default HTTP restrictions.

ai security Anthropic API API Security Data Exfiltration prompt injection

Simon Willison

1/12/2026 • EN

Superhuman AI Exfiltrates Emails

A prompt injection attack on Superhuman AI exposed sensitive emails, highlighting a security vulnerability in third-party integrations.

ai security content-security-policy Email Security Google Forms prompt injection

Simon Willison

1/12/2026 • EN

Superhuman AI Exfiltrates Emails

A prompt injection attack on Superhuman AI exposed sensitive emails, highlighting a critical security vulnerability in AI email assistants.

ai security content-security-policy Email Security Google Forms prompt injection

Simon Willison

1/4/2026 • EN

Secure AI Prompts with PyRIT Validation & Agent Skills

Using PyRIT and GitHub Copilot Agent Skills to validate and secure AI prompts against vulnerabilities like injection and jailbreak directly in the IDE.

ai security Github Copilot prompt injection Python visual studio code

Luke Murray

12/10/2025 • EN

The Normalization of Deviance in AI

Explores the 'Normalization of Deviance' concept in AI safety, warning against complacency with LLM vulnerabilities like prompt injection.

AI Safety llm Normalization Of Deviance prompt injection security

Simon Willison

11/26/2025 • EN

Is Prompt Injection a Vulnerability?

Argues that prompt injection is a vulnerability in AI systems, contrasting with views that see it as just a delivery mechanism.

ai security cybersecurity llm security prompt injection vulnerability

Daniel Miessler

11/25/2025 • EN

Google Antigravity Exfiltrates Data

Analysis of a prompt injection vulnerability in Google's Antigravity IDE that can exfiltrate AWS credentials and sensitive code data.

ai security AWS Credentials Data Exfiltration IDE Vulnerability prompt injection

Simon Willison

11/24/2025 • EN

Thoughts on Prompt Injection OPSEC

A rebuttal to claims that sharing prompt injection strings is harmful, arguing for transparency in AI red teaming and cybersecurity.

ai security cybersecurity llm security prompt injection Red Teaming

Daniel Miessler

11/4/2025 • EN

MCP Colors: Systematically deal with prompt injection risk

A method using color-coding (red/blue) to classify MCP tools and systematically mitigate prompt injection risks in AI agents.

Agent Safety ai security mcp prompt injection Tool Classification

Simon Willison

10/28/2025 • EN

Agentic AI and Security

Explores the unique security risks of Agentic AI systems, focusing on the 'Lethal Trifecta' of vulnerabilities and proposed mitigation strategies.

agentic ai ai security llm security prompt injection sandboxing

Martin Fowler

10/7/2025 • EN

Mitigate Prompt Injection Attacks With A2AS and Agentgateway

Explores the A2AS framework and Agentgateway as a security approach to mitigate prompt injection attacks in AI/LLM systems by embedding behavioral contracts and cryptographic verification.

A2as Framework Agentgateway ai security llm security prompt injection

Christian Posta