The most comprehensive resource for LLM pentesting, prompt injection techniques, and AI security research. Learn from the latest vulnerabilities, test with real payloads, and become an LLM security expert.
Store your API keys securely in your browser's local storage. Keys never leave your device.
[Note: Under development and not working] Generate custom prompt injection payloads using your stored API keys. Test LLM security boundaries ethically.
Large Language Models introduce unique security challenges that differ from traditional application security. This guide will teach you everything from basics to advanced exploitation techniques.
Learn how LLMs process input, the role of system prompts, and how context windows work. Understanding the architecture is crucial for identifying attack surfaces.
Master the ten most critical vulnerabilities: Prompt Injection, Sensitive Information Disclosure, Supply Chain Vulnerabilities, Data & Model Poisoning, Improper Output Handling, Excessive Agency, System Prompt Leakage, Vector & Embedding Weaknesses, Misinformation, and Unbounded Consumption.
Study direct and indirect injection methods, including context hijacking, payload splitting, obfuscation, virtualization, and multi-turn attacks. Practice with real examples.
Explore DAN (Do Anything Now), role-playing attacks, encoding bypasses, and advanced jailbreak frameworks. Learn how models resist and how to adapt attacks.
Attack AI agents with tool access, exploit MCP (Model Context Protocol) vulnerabilities, and manipulate RAG (Retrieval Augmented Generation) systems.
Use automated tools like Garak, LLMFuzzer, Promptmap, and PyRIT. Develop custom test cases and build comprehensive security assessments.
Understand input validation, output filtering, prompt formatting, guardrails, and monitoring. Learn defense-in-depth strategies for LLM applications.
Analyze actual vulnerabilities: GitHub Copilot RCE (CVE-2025-53773), ChatGPT memory poisoning, Bing chatbot data exfiltration, and LLM-based review manipulation.
Indirect Prompt Injection: Embed malicious prompts in external content (websites, PDFs, images) that LLMs process. Use CSS-hidden text, EXIF metadata, or HTML comments to hide instructions from humans while remaining visible to AI.
Multi-Modal Attacks: Exploit image-based LLMs by embedding instructions in visual data, using mind maps with intentional gaps, or ASCII art that conveys harmful instructions.
Chain-of-Thought Manipulation: Exploit reasoning processes by injecting intermediate steps that lead to desired malicious conclusions while appearing legitimate.
Memory Poisoning: For LLMs with persistent memory, inject instructions that remain across sessions, enabling long-term data exfiltration or behavior modification.
Supply Chain Attacks: Compromise training data, RAG knowledge bases, or model weights. Poison vector databases or manipulate embeddings to influence model behavior.