Comprehensive AI / LLM Security Guide
Comprehensive AI / LLM Security Guide A practitioner’s reference for securing Large Language Model and agentic AI systems — attack surface, exploitation techniques, real-world CVE chains, payloads, and layered detection/prevention. Compiled from 30 research sources (OWASP, NVIDIA AI Red Team, Unit 42, Lakera, NCSC, CrowdStrike, Equixly, Anthropic, AWS, MITRE ATLAS, Penligent, and independent researchers). Table of Contents Fundamentals Threat Model & Attack Surface Direct Prompt Injection & Jailbreaks Indirect Prompt Injection RAG / Vector Store Attacks Tool & Function Calling Abuse MCP Server Attack Surface Agent Hijacking & Tool Chain Attacks Memory Poisoning Data & Model Poisoning Output Handling & Exfiltration Channels Multi-Agent Exploitation Real-World CVEs & Exploitation Chains Tools & Automation Detection & Layered Defense Payload / Prompt Quick Reference 1. Fundamentals LLM security vulnerabilities stem from one structural truth: large language models do not reliably separate instructions from data. Everything the model sees — system prompt, user message, retrieved documents, tool output, memory — arrives as a single token stream. A natural-language directive buried inside “data” is indistinguishable from a directive in the “instructions” block. ...