Prompt Injection

Prompt Injection Testing: Find and Fix Vulnerabilities

On 11 June 2025, Microsoft disclosed CVE-2025-32711 code-named EchoLeak, CVSS 9.3 a zero-click indirect prompt injection in Microsoft 365 Copilot. By sending a single crafted email with no user interaction required, an attacker could cause Copilot to access internal files and exfiltrate them to an attacker-controlled server. The chain

LLM Red Teaming

LLM Penetration Testing: How to Test AI Applications

LLM applications shipped fast, mostly without a security review, and the attack surface has been catching up ever since. Prompt injection now sits at the top of OWASP's LLM Top 10 for the second consecutive year. Agentic systems with the ability to call functions, browse the web, and