AI & LLM Security
The new attack surface nobody trained for.
Chapter 10 of the roadmap. Work through each walkthrough below, or browse every topic.
-
Prompt Injection: Extracting Secrets from the AI Assistant
A walkthrough of prompt injection attacks against OopsSec Store's AI assistant, bypassing its input filters to extract a flag from the system prompt.
-
Malicious MCP Server: Poisoning an AI Agent Through Tool Responses
We host a malicious MCP server whose tool responses trick OSSBot into calling a restricted internal tool and leaking the flag.