LLM Prompt Injections

Structured red team methodology for assessing large language model security. Covers threat modelling, attack surface enumeration, prompt injection chaining, and systematic evaluation frameworks for identifying vulnerabilities in LLM-powered deployments.

Version 1 baseline of the LLM red team security methodology. Provides foundational attack patterns, initial reconnaissance vectors, and the original testing framework used as a reference baseline for comparing against evolved assessment techniques.

Comprehensive collection of adversarial prompt injection payloads designed for red-teaming large language models. Includes jailbreaks, role-play bypasses, system prompt leakage, and instruction override vectors targeting general-purpose LLM deployments.

Specialised prompt injection test vectors targeting LLM deployments within financial and banking environments. Covers fraud detection bypass, PII extraction, transaction manipulation prompts, regulatory evasion, and contextual override attacks against finance-tuned models.

Targeted prompt injection test vectors for LLM deployments in enterprise and corporate environments. Covers internal data exfiltration, privilege escalation via prompt, policy bypass, supply-chain prompt poisoning, and adversarial attacks against enterprise-tuned models and copilot integrations.

Specialised prompt injection test vectors for LLM deployments in medical and healthcare environments. Covers PHI/PII extraction, clinical decision override, diagnostic manipulation, HIPAA evasion vectors, and adversarial attacks against health-tuned models and patient-facing AI systems.

Focused guide on system prompt architecture and prompt injection attack vectors. Covers instruction hierarchy bypass, system-level override techniques, context poisoning, and crafting adversarial inputs that manipulate or neutralise system-level directives in deployed LLM pipelines.

Comprehensive jailbreak methodology for large language models. Covers role-play jailbreaks, DAN-style prompts, fictional framing, token smuggling, multi-turn jailbreak chains, and systematic techniques for bypassing model safety filters and alignment guardrails.

Techniques for extracting hidden system prompts, confidential instructions, and internal configurations from LLM deployments. Covers direct extraction probes, indirect inference attacks, memory leakage via context window manipulation, and prompt reconstruction from partial disclosures.

Attack vectors targeting insecure handling of LLM-generated output. Covers prompt-driven XSS injection, SQL injection via model output, code execution through downstream parsers, markdown/HTML injection, and second-order attacks exploiting trust in LLM-produced content.

Exploitation techniques targeting LLM agents with access to external tools and APIs. Covers malicious tool invocation, function-call hijacking, indirect prompt injection via tool responses, privilege escalation through chained tool use, and attacking autonomous agent pipelines with persistent memory.

Denial-of-service techniques targeting LLM infrastructure and availability. Covers token flooding, recursive prompt loops, context window exhaustion, compute-intensive query crafting, API rate-limit abuse, and adversarial inputs designed to degrade model performance or force error states.

Penetration testing guide for Retrieval-Augmented Generation (RAG) pipelines. Covers document poisoning, retrieval manipulation, context injection via knowledge base tampering, indirect prompt injection through retrieved content, and adversarial queries designed to exploit RAG-based LLM deployments.

In-depth guide covering advanced and multi-stage attack vectors against large language models. Covers chained prompt injection, adversarial token manipulation, cross-context attacks, model inversion, training data extraction, and sophisticated evasion techniques targeting hardened LLM deployments and safety layers.