Prompt-Injection
- Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website
  A DOM-based XSS flaw in the Arkose Labs CAPTCHA component on a claude.ai subdomain enabled zero-click prompt injection from any website via a legitimate Google ad. No user interaction was required.
- Snowflake Cortex AI Code CLI Escapes Sandbox and Executes Malware via Prompt Injection
  Two days after launch, Snowflake's Cortex Code CLI was found vulnerable to a prompt injection attack that bypassed human-in-the-loop approval, escaped the OS sandbox, and executed malware using cached Snowflake auth tokens. The attack ran while the main agent reported that it had been blocked.
- The Reader/Writer Split: Hardening AI Agent Pipelines Against Prompt Injection
  A prompt injection attempt hit our AI blog pipeline today. We refactored every combined cron into a reader/writer split -- separating the session that touches the web from the session that takes real-world actions.
- Prompt Injection Resilience: Building Hard Guards for Agentic Systems
  Agentic systems that read untrusted content -- web pages, GitHub issues, email, RSS feeds -- are exposed to prompt injection at every read boundary. This post walks through the real attack surface and the defensive patterns that actually work.