LLM Security

February 26, 2026

Gemini Research Part 1: Prompt Injection Attack Surface Analysis

We systematically mapped the prompt injection attack surface of Gemini 2.5 Pro across 8 input modalities.

Dylan Ayrey, Megan Masanz

February 18, 2026

How LLMs Leak Secrets: Credential Extraction from AI Coding Assistants

AI coding assistants can be tricked into revealing secrets from their context window.

Truffle Security Research

February 10, 2026

Jailbreaking Gemini's Safety Filters via Multimodal Injection

Image-embedded prompts bypass text-only safety classifiers in Gemini Pro Vision.

Dylan Ayrey

February 02, 2026

MCP Tool Poisoning: Attacking AI Agents Through Malicious Tool Descriptions

Model Context Protocol tool descriptions can be weaponized to hijack agent behavior.

Truffle Security Research

January 24, 2026

RAG Poisoning: Injecting Malicious Content Through Vector Databases

Retrieval-augmented generation systems are vulnerable to document injection attacks.

Truffle Security Research

January 14, 2026

Measuring LLM Compliance with Unauthorized Data Extraction Requests

We benchmarked 12 LLMs on their willingness to help extract data they shouldn't.

Megan Masanz