Tag: ai
All the articles with the tag "ai".
-
Supply Chain & AI Rules File Backdoor: Typosquat → Poisoned Skill → Runtime Backdoor
A two-flag chain that walks an attacker from a developer's stray dev-comment, through a typosquatted npm package, into an AI rules file dropped on disk, ending with a runtime backdoor the AI agent silently injected into the application's admin API.
-
Malicious MCP Server: Poisoning an AI Agent Through Tool Responses
We host a malicious MCP server whose tool responses trick OSSBot into calling a restricted internal tool and leaking the flag.
-
Prompt Injection: Extracting Secrets from the AI Assistant
A walkthrough of prompt injection attacks against OopsSec Store's AI assistant, bypassing its input filters to extract a flag from the system prompt.
