Detection rules and vulnerability findings — published when proven.
IPI-003 End-to-End IPI Attack Chain Against AnythingLLM via MCP
Complete indirect prompt injection attack chain confirmed against AnythingLLM. A poisoned PDF triggers autonomous tool invocation with persistent fallback behavior — the model tries a second tool when the first fails. GitHub Security Advisory GHSA-7wpc-qv9f-9fqw.
Vulnerability Research
IPI-002 Reasoning Does Not Prevent Indirect Prompt Injection
Chain-of-thought reasoning does not protect LLMs from executing indirect prompt injection payloads. Small reasoning models use their analytical capabilities to organize compliance, not resistance. Safety training quality is the differentiator.
Vulnerability Research
IPI-001 Parser Regression Expands IPI Attack Surface
A routine platform upgrade from v0.7.2 to v0.8.1 silently made 4 new indirect prompt injection techniques exploitable — with zero attacker effort. Platform updates are attack surface changes.
Detection Rules
Wazuh AI/ML Security Rules
41 custom SIEM rules and 3 decoders for monitoring AI inference gateways, RAG pipelines, MCP agent operations, and model supply chain security.