UnboundCompute Security https://validator.w3.org/feed/docs/rss2.html The Fine Tuning Jailbreak: How Training Strips Safety Alignment Insecure Output Handling: When Apps Trust the Model’s Words Excessive Agency in AI Agents: The Risk That Turns a Trick Into a Breach Model Extraction Attack: Stealing a Model Through Its API Membership Inference Attack: Proving a Record Was in Training Data The AI Prompt Injection Worm That Spreads Between Agents The Policy Puppetry Attack: When User Text Pretends to Be System Policy Skeleton Key: The Jailbreak That Rewrites a Model’s Own Rules AI Agent Memory Poisoning: When a Planted Note Attacks Later RAG Poisoning Attack: When Retrieved Documents Hijack the Model The MCP Rug Pull: When an Approved Tool Changes After You Trust It ANSI Escape Injection: Attacking AI Agents That Print to a Terminal Code Interpreter Escape: Breaking Out of an AI Agent’s Sandbox Crescendo: The Multi Turn Jailbreak That Escalates Slowly Multimodal Prompt Injection: Hiding Instructions in an Image Glitch Tokens: The Words That Break a Language Model What is NoSQL Injection? How Query Operators Get Abused Markdown Image Exfiltration: How a Chat UI Leaks Your Data Blog Home Hash Length Extension Attack: How to Forge a MAC Without the Secret LLM Backdoors: Hiding a Trigger in the Training Data Tool Output Injection: When an Agent’s Own Tools Lie to It Embedding Inversion: Reading Text Back Out of a Vector Database Poisoned Pipeline Execution: When Your CI Runs Attacker Code With Your Secrets MCP Token Passthrough: How an Agent Hands Over Its Access Adversarial Suffix Attacks: The Gibberish String That Jailbreaks a Model Prompt Injection to XSS: When Model Output Becomes the Payload Client Side Path Traversal: When the Browser Sends Your Fetch Somewhere Else Agent Memory Poisoning: When an AI Agent Remembers an Attacker’s Instruction OAuth redirect_uri Manipulation: How a Loose Callback Check Leaks Your Code AES GCM Nonce Reuse: The Forbidden Attack Explained System Prompt Extraction: Why Keeping the Prompt Secret Is Not Security CSS Injection: Stealing Data With Style Rules and No JavaScript LLM Data Exfiltration Through Markdown Image Rendering The Confused Deputy Attack in AI Agents Explained Excessive Agency in AI Agents: When a Tool Can Do Too Much What is Web Cache Poisoning? How One Request Hits Many Users Many Shot Jailbreaking: How a Long Context Window Becomes an Attack Surface Cross Site Leaks: Reading Secrets You Are Never Allowed to See JWKS Spoofing: When a JWT Header Tells the Server Which Key to Trust Double Clickjacking: The Clickjacking Revival That Beats Frame Defenses postMessage Vulnerabilities: When Cross Origin Messages Turn Into XSS Cross Site WebSocket Hijacking: The CSRF of WebSockets Denial of Wallet: When Attackers Run Up Your AI Agent’s Bill MCP Tool Shadowing: When One Server Hijacks Another’s Tools ASCII Smuggling: Invisible Unicode Prompt Injection That Humans Cannot See Slopsquatting: When Attackers Register the Packages AI Hallucinates HTTP/2 Rapid Reset: How a Cancel Frame Became a Record DDoS ECDSA Nonce Reuse: How One Repeated Number Leaks the Private Key