Five prompt injection patterns most security teams aren't testing for
Direct injection is the easy one. The four patterns that get past production red-teams — indirect injection via retrieved documents, tool-call hijacking, multi-turn context manipulation, encoding tricks — are the ones worth running before you ship.
Building an LLM threat model: a 7-step framework for enterprise AI
STRIDE doesn’t fit. OWASP’s LLM Top 10 is a taxonomy, not a process. Compliance checklists ask the right questions for the wrong systems. A seven-step framework that produces a CISO-signable artifact and a runbook your engineering team will actually use.
Beyond prompt injection: data exfiltration risks in enterprise AI agents
Prompt injection is the entry point. The interesting question is what the agent does next. Four exfiltration patterns appear repeatedly in real enterprise AI agent deployments — each one has an architectural remediation, not a prompt-level one.