Topic

#prompt-injection

4 articles exploring prompt-injection. Expert insights and analysis from our editorial team.

Showing 1–4 of 4 articles

Articles

Security

Windsurf CVE-2026-30615 Is the Only Zero-Click in the April MCP RCE Wave: HTML Rewrites the Config

CISA-ADP scored CVE-2026-30615 CVSS 8.0 HIGH, making Windsurf the sole zero-click IDE in the April MCP RCE wave: attacker HTML silently rewrites mcp.json with no user.

Security

Flowise's CVE-2026-41264 Turns an LLM-Written Import Into RCE, Breaking the Regex-Gated Sandbox

CVE-2026-41264 (CVSS 9.8) shows how a regex import allowlist in Flowise's CSV Agent fails when the LLM writes the code: aliasing os as pandas bypasses the filter and reaches.

Ethics, Policy & Safety

Don't Trust the Salt: How Non-English Prompts Break LLM Guardrails

AI safety guardrails are built primarily in English. Research shows they can be trivially bypassed using other languages, exposing critical vulnerabilities in global AI deployment.

· 10 min read
Security

Prompt Injection Is Now a Security Nightmare. Here's How to Defend Against It

A comprehensive guide to understanding and defending against prompt injection attacks targeting LLM-powered applications