AI: A Practical Guide

Curated and synthesized by Carl Sampson. Last updated 2026-06-29. Synthesized from 526 of 526 curated resources. Browse all 526 AI resources →

Problem Framing: The Shifting Attack Surface in the Age of AI

The rapid integration of AI into application development and operations has fundamentally altered the security landscape. This shift is not merely about new types of vulnerabilities but about an expanded and more dynamic attack surface. AI agents, LLMs, and AI-generated code introduce novel vectors that traditional security tools and practices struggle to address. The core challenge lies in securing systems where the "attacker" can be an AI, the "code" is AI-generated and potentially flawed, and the "instructions" can be manipulated through natural language. This necessitates a paradigm shift from securing static code to securing dynamic, agentic workflows and the reasoning processes within AI systems. Concerns range from sophisticated prompt injection attacks that manipulate AI behavior to supply chain compromises within AI development pipelines, and the inherent risks of AI models themselves, such as data poisoning and model theft ^[1]^[2]^[3]^[4]^[5]^[6]^[7]^[8]^[9]. The sheer volume of AI adoption, with over 70% of cloud environments already utilizing AI ^[10], underscores the urgency of addressing these new security paradigms.

Core Mechanics: Understanding How AI Introduces New Risks

Prompt Injection: The Human Language Vulnerability

Prompt injection is a class of attacks where malicious instructions are embedded within data processed by an LLM, causing it to perform unintended actions or reveal sensitive information. This attack exploits the fundamental inability of transformer-based LLMs to reliably distinguish between data and instructions ^[3]. There are two primary forms:

Direct Prompt Injection: The attacker directly crafts prompts to manipulate the LLM's behavior, often through "jailbreaking" techniques to bypass safety guardrails.
Indirect Prompt Injection (IPI): Malicious instructions are embedded in external content that the AI model will later ingest, such as web pages, documents, emails, or even tool descriptions within Model Context Protocol (MCP) servers. This is particularly insidious as it can bypass direct user interaction with the model's prompt interface ^[11]^[8]^[12]^[13]^[14]^[15]^[16]^[17].

Examples include tricking an AI into summarizing confidential emails ^[17], manipulating AI trading agents for financial fraud ^[18], or causing AI assistants to respond with misinformation or execute harmful commands ^[19]. Even seemingly benign actions, like processing a crafted GitHub comment, can lead to credential theft ^[20].

AI Agentic Vulnerabilities: The Expanding "Trust Boundary"

AI agents, empowered by LLMs and equipped with tools and access to external systems, represent a significant expansion of the attack surface. Their "reasoning loop" (Observe, Reason, Act, Learn) introduces new security control points and vulnerabilities ^[21].

Excessive Agency and Over-Permissioning: Agents often operate with broader permissions than necessary, increasing the potential blast radius of a compromise. Over-reliance on AI agents without sufficient oversight can lead to unintended actions and security blind spots ^[22]^[23]^[24].
Tool Poisoning and MCP Exploitation: The Model Context Protocol (MCP) is a standard for connecting LLMs to external tools, databases, and services. However, it introduces significant risks.
Tool Poisoning Attacks (TPAs): Malicious instructions can be embedded within tool descriptions or schemas, invisible to users but interpretable by the LLM, leading to data exfiltration or unauthorized actions ^[25]^[26]^[27]^[28]. This can extend to "Full-Schema Poisoning," impacting all fields within a tool's schema, or "MCP Rug Pulls," where malicious servers change tool descriptions after initial approval ^[26].
Command Injection via MCP STDIO: Vulnerabilities in MCP implementations can allow attackers to execute arbitrary commands directly on the server without authentication or sanitization ^[29]^[30].
Confused Deputy Problem: In multi-agent systems, an agent might be tricked into performing actions on behalf of another agent without proper authorization, leveraging the trust between them ^[31]^[17].
Configuration Poisoning: Modifying an agent's memory files (e.g., SOUL.md) can embed backdoors and alter its behavior ^[32].

Supply Chain Attacks in AI

The AI supply chain is complex, involving frameworks, models, IDE extensions, and third-party plugins. Compromising any link can have widespread consequences.

Malicious AI Skills/Plugins: These can be injected into AI marketplaces or ecosystems, instructing agents to download and install untrusted software, exfiltrate credentials, or disable security measures ^[33]^[34].
Compromised Dependencies: Standard software supply chain attacks also affect AI development. Malicious versions of libraries used in AI projects can be published to repositories like PyPI or npm, containing malware or backdoors ^[35]^[36].
GitHub Actions Cache Poisoning: Attackers can exploit shared GitHub Actions caches to inject malicious code into build pipelines, impacting AI development workflows ^[37].
Dangling GitHub Apps: Mimicking trusted internal apps with similar names can lead to bypasses of permission checks.
Model Supply Chain Attacks: This can involve tampering with training data, third-party components used in model development, or the models themselves during distribution ^[38].

AI-Generated Code Security

Code generated by AI assistants like GitHub Copilot, Amazon Q, or Google Gemini is increasingly common. However, this code often contains vulnerabilities. Studies indicate a significant percentage of AI-generated code snippets include security flaws, with rates as high as 40% or more depending on the model and source ^[39]^[40]^[41]^[5]. Models trained on flawed code can inadvertently pass these vulnerabilities into their output ^[40]. Furthermore, "package hallucination" by AI tools can lead to attacks where the AI suggests non-existent or malicious packages ^[40].

Data Security and Privacy

AI systems often process vast amounts of data, including sensitive information.

Data Exfiltration: Malicious prompts or agent actions can lead to the unauthorized movement of sensitive data from trusted boundaries ^[42]. Prompt injection attacks have been demonstrated to exfiltrate chat histories, API keys, and even entire system states ^[18]^[43]^[17].
Data Poisoning: Malicious actors can intentionally manipulate AI training data to degrade model performance, introduce backdoors, or cause targeted failures ^[4]^[44].
Model Inversion and Extraction: Attackers can attempt to reconstruct sensitive training data from a model or steal the model itself ^[44].

Notable Techniques and Attack Vectors

Prompt Injection and Jailbreaking

This remains a primary concern. Techniques range from direct manipulation of LLM prompts to bypass safety rules ^[4]^[45] to sophisticated indirect methods where malicious instructions are hidden in external content ^[11]^[8]^[12]^[13]. Specific attacks include:

SearchLeak: Exploiting Microsoft 365 Copilot's summarization capabilities to exfiltrate data by manipulating search queries and external content processing ^[46].
Comment and Control: Using GitHub pull request titles or issue comments as a channel to deliver malicious prompts to AI coding agents, leading to credential theft ^[20].
EchoLeak (CVE-2025-32711): A zero-click exploit against Microsoft 365 Copilot that chains multiple bypasses to exfiltrate data via crafted emails ^[43]^[17].
Invisible Prompt Injection: Using hidden Unicode characters to embed malicious instructions that evade detection filters ^[16].
Multilingual/Obfuscated Attacks: Employing multiple languages or encoding schemes (e.g., Base64, emojis) to evade detection mechanisms ^[47].
Jailbreaking: Instructing LLMs to generate questions that would typically be rejected, along with their responses, potentially compromising the entire guardrail structure ^[20].
Sockpuppeting: A jailbreak technique that exploits "assistant prefill" APIs by inserting a fake acceptance message to bypass safety guardrails ^[20].

Agentic AI Exploitation

Beyond prompt injection, AI agents themselves are targets:

Tool Poisoning Attacks (TPAs): Malicious instructions embedded in tool descriptions or schemas that AI agents ingest and execute ^[25]^[26]^[27]^[28]. This can escalate to "Full-Schema Poisoning" affecting all tool schema fields ^[26].
MCP Server Exploitation: Vulnerabilities in MCP implementations can lead to RCE, data exfiltration, or other critical security flaws ^[29]^[30]^[27]^[48]. This includes command injection via STDIO and SSRF ^[30].
Argument Injection: Vulnerabilities in how AI agents handle arguments for commands, particularly in Git operations, can lead to RCE ^[30]^[48]. Examples include git_diff and git_checkout argument injection ^[30]^[48].
Path Traversal: Exploiting flaws in how AI agents or their tools handle file paths to read or write arbitrary files on the host system ^[30]^[48].
Insecure Default Configurations (Fail-Open): AI systems or their components may ship with insecure default settings that are not adequately secured, increasing risk ^[24].
Agentic Supply Chain Compromise: Compromising MCP servers, tools, or the AI agent's own dependencies can lead to widespread compromise ^[32].
Agent Goal Hijacking: Prompt injection can be used to redirect an AI agent's intended goals towards malicious objectives ^[49].

AI-Driven Vulnerability Discovery and Exploitation

AI models are increasingly capable of discovering and even exploiting zero-day vulnerabilities autonomously.

Autonomous Vulnerability Discovery: Models like Anthropic's Claude Mythos have demonstrated the ability to find zero-days and generate working exploits, signaling a future where AI-led vulnerability waves are commonplace ^[50].
AI-Assisted Exploit Development: AI can accelerate the creation of exploits by analyzing code, identifying potential weaknesses, and generating payloads ^[51]^[52].
AI for Penetration Testing: Autonomous AI agents are being developed to perform reconnaissance, vulnerability discovery, exploitation, and reporting, often achieving high success rates ^[24]^[52].

Securing AI-Generated Code

The security of code produced by AI assistants is a critical concern, as it frequently contains vulnerabilities.

High Vulnerability Rates: Studies consistently show that AI-generated code has a higher incidence of security flaws compared to human-written code ^[40]^[41]^[5].
Package Hallucination: AI tools can suggest non-existent or malicious packages, creating new attack vectors ^[40].
Need for Validation: Traditional SAST and SCA tools are essential but may not catch all AI-specific vulnerabilities. Human review and AI-assisted code analysis are crucial ^[53]^[54].

Detection and Prevention: Building AI Security Posture

AI Security Posture Management (AI-SPM)

AI-SPM tools and processes aim to provide visibility into AI assets, assess risks, and prioritize critical AI-related security findings. This includes dynamically inventorying AI frameworks, models, IDE extensions, and agent configurations (AI Bill of Materials - AI-BOM) ^[10]^[55]^[56]^[7]. Key aspects include:

Continuous Discovery: Regularly scanning AI assets across binaries, containers, source code, and build manifests to maintain an up-to-date inventory ^[57].
Risk Intelligence and Prioritization: Leveraging AI to analyze findings, correlate risks, and prioritize remediation efforts based on exploitability and impact ^[4].
Policy Enforcement: Defining and enforcing policies for AI model usage, data access, and agent behavior, distinguishing between hard constraints and soft steering ^[58].

Securing the Agent Execution Loop

Governing AI agent behavior within their execution loop is a new security control point. This involves implementing controls before actions are executed, focusing on what agents use, do, and generate ^[21].

Input Guardrails: Pre-LLM checks to detect and neutralize prompt injection attempts ^[58]^[19]^[14].
Output Guardrails: Validating and sanitizing LLM outputs before they are rendered or acted upon by downstream systems ^[58].
Behavioral Testing: Focusing on how AI systems behave under manipulation rather than solely on static code analysis ^[10].
Action-level Validation: Monitoring internal APIs and databases triggered by an AI agent, not just the final output ^[10].

Mitigating Prompt Injection and Agent Exploitation

Layered Defenses: No single solution is sufficient. A defense-in-depth approach is critical, combining input validation, output filtering, prompt sanitization, and secure system design ^[59]^[49].
Context-Grounded Validation (RAG-Aware Checks): Verifying LLM claims against retrieved context in Retrieval-Augmented Generation (RAG) systems ^[60].
Self-Correction Loops: Enabling LLMs to regenerate responses based on guardrail feedback ^[60].
Multi-Agent Validation: Using separate agents to review the output and tool selection of other agents ^[60].
Tool Allowlists and Schema Validation: Enforcing allowed tools and strict parameter formats for agent tool calls ^[58]^[60].
System-Level Protections: Implementing least-privilege identities, sandboxing tools, and network segmentation to limit the blast radius of agent actions ^[58]^[60]^[32].
OpenAI's Lockdown Mode: A feature designed to protect ChatGPT from prompt injection by adding validation layers to user inputs ^[57].
MCP Server Security: Implementing strict security controls around MCP servers, including authentication, authorization, PKCE enforcement, and secure communication (Mutual TLS) ^[61]^[62]^[63].

Securing AI-Generated Code

AI-Assisted SAST and SCA: Employing tools that leverage AI to analyze AI-generated code for vulnerabilities and dependencies ^[64]^[54]^[65]^[66].
Automated Remediation: Using AI-powered agents to automatically fix identified vulnerabilities, reducing developer friction and accelerating security ^[39]^[66]^[67]^[68].
Guardrails for Coding Assistants: Implementing checks and balances on AI coding assistants to ensure generated code adheres to security policies ^[53]^[69].
Human-in-the-Loop: Emphasizing that AI-generated code should still undergo human review, especially for critical or security-sensitive components ^[53].

Supply Chain Security for AI

AI Bill of Materials (AI-BOM): Dynamically inventorying all AI components, including frameworks, models, and dependencies, to track provenance and identify risks ^[55]^[56].
Artifact Scanning: Scanning AI models, container images, and code dependencies for malicious payloads or known vulnerabilities ^[55].
Secure Distribution Channels: Ensuring that AI skills, plugins, and models are distributed through trusted and scanned marketplaces or repositories ^[33]^[34].
Package Integrity Verification: Using tools like uv with CycloneDX SBOMs to verify the integrity of AI development dependencies ^[67].

Tooling and Technologies

A growing ecosystem of tools is emerging to address AI security challenges:

AI Security Posture Management (AI-SPM): Wiz AI-APP ^[10]^[70], Snyk AI Security Platform ^[4]^[71]^[7], Prisma AIRS, Fairly AI, Wiz AI-SPM ^[55]^[70]. These platforms offer visibility, risk assessment, and governance for AI workloads.
Prompt Injection Defense: Snowflake Horizon AI Guardrails ^[42], Llama Guard ^[21], Orca Security Agent Firewall and Input/Output Guardrails ^[21], Microsoft Prompt Shields ^[72], Lakera Guard ^[30], various tools targeting RAG systems ^[19].
AI Code Analysis and Remediation: Snyk Code ^[64]^[54]^[65]^[66], Snyk Agent Fix ^[39]^[66]^[67], Semgrep, TruffleHog ^[73]. These tools scan AI-generated code and often offer automated fixes.
Agentic Security Orchestration: Evo by Snyk ^[71]^[74], Wiz Agents (Red, Blue, Green) and Workflows ^[75], Thoth ^[3]. These platforms orchestrate security tasks using AI agents.
Sandboxing: Snowflake CoCo CLI Sandbox ^[42], Container Isolation (CoCo CLI Sandbox) ^[42]. These tools enforce isolation for agent execution environments to mitigate data exfiltration.
AI-BOM Tools: Wiz AI-BOM ^[55]^[56], Repello AI Inventory ^[76]. These tools inventory AI components for better governance.
AI Red Teaming: Wiz Red Agent ^[10]^[77], DeepTeam ^[78], NVIDIA AI Red Team (AIRT) ^[79], Novee AI Red Teaming ^[76]. These tools simulate attacks to find AI system vulnerabilities.
MCP Security Scanning: MCPJam inspector ^[30], McpSafetyScanner ^[30], Proximity (fr0gger/proximity) ^[62]. Tools dedicated to finding vulnerabilities in MCP implementations.
LLM Vulnerability Scanners: Garak ^[80], ai-exploits ^[51], llamator ^[76]. These scan LLMs for issues like prompt injection and data leakage.
Supply Chain Security: JFrog AppTrust ^[7], uv (with CycloneDX), Package Proxy (Thinkst Canary) ^[42]. Tools for managing and securing software dependencies, including AI artifacts.
Threat Intelligence: Microsoft Security Copilot ^[81], leveraging vast datasets for context and analysis.

Recent Developments and Emerging Trends

Autonomous AI Hacking: AI agents are moving beyond simple vulnerability scanning to autonomous reconnaissance, exploitation, and even self-improvement of hacking capabilities ^[51]^[24]^[52].
AI for Exploit Generation: AI's ability to analyze code and generate exploits is accelerating, making zero-day discovery and weaponization more efficient ^[50]^[51].
OWASP Top 10 for LLMs and Agentic Applications: The security community is actively developing specialized risk frameworks to guide secure development and testing of AI systems ^[82]^[78]^[16].
Indirect Prompt Injection Dominance: IPI is becoming the prevalent form of prompt injection due to its stealth and ability to bypass direct user interaction ^[13]^[14]^[83]^[59]^[49].
MCP Protocol as a Major Attack Vector: The ubiquity of MCP in connecting LLMs to tools has made it a prime target, with numerous critical vulnerabilities disclosed ^[84]^[85]^[29]^[30]^[48].
AI Security Fabric: A new paradigm is emerging that integrates AI security across the entire software development lifecycle, from inception to runtime, encompassing DevSecOps, AI-driven development, and AI-native applications ^[7].
Guardrails as the Future: Robust guardrails—layered policies and controls (input validation, output validation, system-level controls)—are seen as essential for constraining AI agent behavior ^[58].

Where to Go Deeper

To further your understanding and practical application of AI security, consider the following resources:

OWASP LLM Top 10 and Agentic Applications Top 10: These frameworks provide a structured understanding of the most critical security risks and mitigation strategies for LLM and agentic AI applications ^[82]^[78]^[16].
MITRE ATLAS: This knowledge base documents adversarial tactics, techniques, and procedures specifically for AI systems, offering insights into attacker methodologies ^[31].
Snyk's AI Security Resources: Snyk provides extensive content on securing AI-generated code, agentic development, prompt injection, and their AI Security Platform ^[4]^[56]^[71]^[7]^[67]^[60].
Wiz Research Publications: Wiz frequently publishes detailed analyses of AI vulnerabilities, including critical flaws in NVIDIA Container Toolkit, Replicate, and MCP implementations ^[86]^[10]^[38]^[55]^[87]^[88]^[89]^[90]^[70]^[77].
Academic Research Papers: Explore publications on arXiv and other platforms for cutting-edge research on prompt injection, agentic AI security, and novel attack vectors ^[8]^[50]^[12]^[19]^[91]^[14]^[92]^[47].
Practical Tooling: Experiment with open-source tools like Garak ^[80], Promptfoo ^[76], and mcp-scan ^[30] to gain hands-on experience in detecting AI vulnerabilities.
Vendor Blogs and Whitepapers: Follow security vendors specializing in AI security (e.g., Snyk, Wiz, CyberArk, Lakera) for timely updates on threats and defensive strategies ^[42]^[10]^[38]^[55]^[87]^[4]^[56]^[71]^[70]^[77]^[33]^[8]^[93]^[34]^[58]^[94]^[67]^[60]^[69]^[68]^[57]^[95]^[12]^[96]^[19]^[9]^[23]^[32]^[44]^[18]^[13]^[97]^[98]^[99]^[91]^[14]^[84]^[85]^[25]^[26]^[43]^[92]^[29]^[20]^[72]^[83]^[30]^[15]^[59]^[27]^[28]^[82]^[49]^[48]^[31]^[100]^[47]^[79]^[78]^[16]^[101]^[76]^[61]^[51]^[24]^[52]^[80]^[62]^[63]^[17]^[102]^[103]^[104]^[105]^[81].

Sources cited in this guide

Prompt Injection Attacks Are Now in Production: What We Learned from Real Breaches — securityboulevard.com
Agentic Security Threats: Prompt Injection Becomes Live Malware — aicerts.ai
AI Agent Security Hits Its Reckoning: Prompt Injection May Be a Permanent Flaw Not a Patchable Bug — techtimes.com
Introducing the Snyk AI Security Platform — snyk.io
Meeting the AI Mandates with Confidence: Why Federal Teams Trust Snyk — snyk.io
Secure by Design: The Future of Threat Modeling for AI-Native Applications — snyk.io
Introducing the AI Security Fabric: Empowering Software Builders in the Era of AI — snyk.io
Indirect Prompt Injection Exposes a Universal AI Security Flaw No Deployment Model Is Immune — futurumgroup.com
LLM Security News: Risks Incidents Defenses — blockchain-council.org
Wiz at Google Next: Machine-Speed Defense for Any Cloud, Any Platform, Any AI — wiz.io
Prompt injection protection: Detecting and blocking malicious AI instructions — acronis.com
Indirect Prompt Injection Is Now a Real-World AI Security Threat — techrepublic.com
Indirect prompt injection is taking hold in the wild — helpnetsecurity.com
Architecting Secure AI Agents: System-Level Defenses Against Indirect Prompt Injection — arxiv.org
OWASP LLM Prompt Injection Prevention Cheat Sheet — cheatsheetseries.owasp.org
LLM01:2025 Prompt Injection | OWASP Gen AI Security — genai.owasp.org
Microsoft Copilot: From Prompt Injection to Exfiltration of Personal Information · Embrace The Red — embracethered.com
Researchers Uncover 10 In-the-Wild Prompt Injection Payloads Targeting AI Agents — infosecurity-magazine.com
Three Prompt Injection Patterns Your AI Security Detection Stack Misses — cybersecurity-insiders.com
Agents hooked into GitHub can steal creds but Anthropic Google and Microsoft haven't warned users — theregister.com
The New Security Control Point: Governing AI Agents Inside the Execution Loop — snyk.io
ServiceNow's Virtual Agent Vulnerability Shows Why AI Security Needs Traditional AppSec Foundations — snyk.io
Security for AI Agent Managers: Key Controls — blockchain-council.org
harishsg993010/crossbow-agent: world's first Opensource fully Autonomous AI Security Engineer — github.com
MCP Security: Tool Poisoning Attacks - Invariant Labs — invariantlabs.ai
Poison Everywhere: No Output from Your MCP Server Is Safe - CyberArk — cyberark.com
MCP Security Vulnerabilities: Prompt Injection and Tool Poisoning — practical-devsecops.com
How Agentic Tool Chain Attacks Threaten AI Agent Security — crowdstrike.com
MCP Supply Chain Advisory: RCE Vulnerabilities Across the AI Ecosystem — ox.security
The Vulnerable MCP Project: Comprehensive MCP Security Database — vulnerablemcp.info
How AI Red Teaming Fixes Vulnerabilities in Your AI Systems — invisibletech.ai
How prompt injection broke Nvidia's sandboxed OpenClaw agent — bdtechtalks.substack.com
Snyk Finds Prompt Injection in 36%, 1467 Malicious Payloads in a ToxicSkills Study of Agent Skills Supply Chain Compromise — snyk.io
How a Malicious Google Skill on ClawHub Tricks Users Into Installing Malware — snyk.io
Ultralytics AI Pwn Request Supply Chain Attack — snyk.io
Weaponizing AI Coding Agents for Malware in the Nx Malicious Package Security Incident — snyk.io
The (In)security Landscape of AI-Powered GitHub Actions (Part 2/2) — wiz.io
The risk in malicious AI models: Wiz Research discovers critical vulnerability in AI-as-a-Service provider, Replicate — wiz.io
Secure AI-Generated Code at Speed with Snyk and ServiceNow — snyk.io
Welcome-to-The New Era of AI-Driven Development — snyk.io
AI Is Reshaping Software. Is Your Security Strategy Keeping Up? — snyk.io
Defending Your Enterprise at the Speed of AI — snowflake.com
EchoLeak: First Real-World Zero-Click Prompt Injection Exploit — arxiv.org
7 Serious AI Security Risks and How to Mitigate Them — wiz.io
Six levels, one lesson: LLMs cannot keep a secret — infosecwriteups.com
SearchLeak: How We Turned M365 Copilot Into a One-Click Data Exfiltration Weapon — varonis.com
Red Teaming the Mind of the Machine: Evaluation of Prompt Injection and Jailbreak Vulnerabilities — arxiv.org
LangChain Langflow LiteLLM: When AI's Foundation Code Becomes the Attack Surface — securityboulevard.com
Indirect Prompt Injection: The Hidden Threat — lakera.ai
Claude Mythos: Preparing for a World Where AI Finds and Exploits Vulnerabilities Faster Than Ever — wiz.io
AI’s Hacking Skills Are Approaching an ‘Inflection Point’ — wired.com
KeygraphHQ/shannon: Fully autonomous AI hacker to find actual exploits in your web apps. Shannon has achieved a 96.15% success rate on the hint-free, source-aware XBOW Benchmark. — github.com
5 security best practices for adopting generative AI code assistants like GitHub Copilot — snyk.io
AI Code Generation: Code Security & Quality, Benefits, Risks & Top Tools — snyk.io
Wiz AI-SPM model scanning: Securely innovate with AI community models — wiz.io
Secure at Inception: Introducing New Tools for Securing AI-Native Development — snyk.io
OpenAI Launches Lockdown Mode Against Prompt Injection Attacks — techbuzz.ai
The Future of AI Agent Security Is Guardrails — snyk.io
How Microsoft Defends Against Indirect Prompt Injection Attacks — microsoft.com
Snyk announces Anthropic updates: Evo integrates with Claude Enterprise, and Snyk Desk comes to Claude Desktop — snyk.io
Hunting Account Takeovers in the Wild West of MCP OAuth Servers" — blog.sicks3c.io
fr0gger/proximity: Proximity is a MCP security scanner powered with NOVA — github.com
The MCP Security Tool You Probably Need - MCP Snitch — adversis.io
Nightfall AI and Snyk unite to deliver AI-powered secrets scanning for developers — snyk.io
Snyk Security Solution Now Integrated into Google Cloud's Gemini Code Assist — snyk.io
Building AI Trust with Snyk Code and Snyk Agent Fix — snyk.io
Introducing the New Agentic Architecture for Snyk Agent Fix: Faster, Smarter, and More Secure — snyk.io
Fix SCA issues at scale in your terminal with Snyk Remediation Agent in the CLI — snyk.io
How Relay Network Adopted AI Coding Securely and Built the Foundation for Agentic Development — snyk.io
Introducing Wiz AI Application Protection Platform (AI-APP) — wiz.io
Why We Built Evo — From My Heart — snyk.io
Protecting Against Indirect Prompt Injection Attacks in MCP — developer.microsoft.com
The top 10 AI security articles you must read in 2024 — wiz.io
Scaling AI Security: How Evo Complements New Agentic Tools — snyk.io
Introducing Wiz Agents & Workflows: Security at the Speed of AI — wiz.io
Auditing the Gatekeepers: Fuzzing "AI Judges" to Bypass Security Controls — unit42.paloaltonetworks.com
Introducing the Wiz Red Agent- AI-Powered Attacker — wiz.io
OWASP Top 10 for LLMs 2025 | DeepTeam Red Teaming Framework — trydeepteam.com
Practical LLM Security Advice from the NVIDIA AI Red Team — developer.nvidia.com
NVIDIA/garak: the LLM vulnerability scanner — github.com
Microsoft Security Copilot is a new GPT-4 AI assistant for cybersecurity — theverge.com
LLM Security Guide: OWASP GenAI Top-10 Risks — github.com
Anatomy of an Indirect Prompt Injection — pillar.security
Anthropic's Model Context Protocol includes a critical remote code execution vulnerability newly discovered exploit puts 200000 AI servers at risk — tomshardware.com
The 'by design' security flaw of Model Context Protocol (MCP) — bdtechtalks.substack.com
MCP Auto-Execution: From Git Clone to Cloud Compromise in Amazon Q VS Code Extension — wiz.io
Probllama: Ollama Remote Code Execution Vulnerability (CVE-2024-37032) – Overview and Mitigations — wiz.io
Wiz Research Finds Critical NVIDIA AI Vulnerability Affecting Containers Using NVIDIA GPUs, Including Over 35% of Cloud Environments — wiz.io
NVIDIAScape - Critical NVIDIA AI Vulnerability: A Three-Line Container Escape in NVIDIA Container Toolkit (CVE-2025-23266) — wiz.io
Wiz Research Uncovers Critical Vulnerability in AI Vibe Coding platform Base44 Allowing Unauthorized Access to Private Applications — wiz.io
Prompt Injection Attacks on Agentic Coding Assistants: A Systematic Analysis — arxiv.org
The Dark Side of LLMs: Agent-based Attacks for Complete Computer Takeover — arxiv.org
280+ Leaky Skills: How OpenClaw & ClawHub Are Exposing API Keys and PII — snyk.io
How “Clinejection” Turned an AI Bot into a Supply Chain Attack — snyk.io
Securing CI/CD in an agentic world: Claude Code Github action case — microsoft.com
Prompt Injection in 2026 for Web3 Security — blockchain-council.org
Six AI Vulnerabilities Three Attack Patterns One Dangerous Service Gap — msspalert.com
You're Simulating the Wrong Attacker: Who Matters in AI Red Teaming — adversa.ai
When AI Meets the Web: Prompt Injection Risks in Third-Party AI Chatbot Plugins — arxiv.org
What Is Prompt Injection in AI? Examples & Prevention | EC-Council — eccouncil.org
AI Security Projects for Practice: 10 Hands-On Labs — blockchain-council.org
aress31/burpgpt — github.com
SecGPT transforms cybersecurity through AI-driven insights. — medium.com
I Used GPT-3 to Find 213 Security Vulnerabilities in a Single Codebase — medium.com
HackGPT — kaneofthrones.medium.com

📚 This guide is synthesized from the full text of resources curated in the AI library, and refreshed as new material is added.