Comprehensive AI / LLM Security Guide

A practitioner’s reference for securing Large Language Model and agentic AI systems — attack surface, exploitation techniques, real-world CVE chains, payloads, and layered detection/prevention. Compiled from 60 research sources (OWASP, NVIDIA AI Red Team, Unit 42, Lakera/Check Point, NCSC, CrowdStrike/Pangea, Equixly, Anthropic, OpenAI, Microsoft MSRC, Google, AWS, MITRE ATLAS, Penligent, Red Hat, Pillar Security, JFrog, AuthZed, Trend Micro, Nature, and independent researchers).

Table of Contents
Fundamentals
Threat Model & Attack Surface
Direct Prompt Injection & Jailbreaks
Indirect Prompt Injection
RAG / Vector Store Attacks
Tool & Function Calling Abuse
MCP Server Attack Surface
Agent Hijacking & Tool Chain Attacks
Memory Poisoning
Data & Model Poisoning
Output Handling & Exfiltration Channels
Multi-Agent Exploitation
Real-World CVEs & Exploitation Chains
Tools & Automation
Detection & Layered Defense
Payload / Prompt Quick Reference

1. Fundamentals
LLM security vulnerabilities stem from one structural truth: large language models do not reliably separate instructions from data. Everything the model sees — system prompt, user message, retrieved documents, tool output, memory — arrives as a single token stream. A natural-language directive buried inside “data” is indistinguishable from a directive in the “instructions” block. ...

April 10, 2026 · 34 min · Carl Sampson

MCP Tool Poisoning: The Attack Surface Nobody's Talking About

I run about a dozen MCP servers in my daily workflow. Playwright for browser automation, Raindrop for bookmarks, Todoist for tasks, a couple of custom ones. Every time I start a Claude Code session, my agent loads all of their tool descriptions into context and uses them to decide what to call. Last month I started thinking about what would happen if one of those tool descriptions was lying to me. ...

April 3, 2026 · Carl Sampson