Attack Guides Hub
Comprehensive guides on AI and LLM security attack techniques. Each guide includes real-world examples, severity ratings, and defensive countermeasures.
Beginner's Path
New to AI security? Follow this recommended reading order:
- OWASP LLM Top 10 — Understand the landscape of LLM security risks.
- Prompt Injection Guide — Master the #1 LLM vulnerability with hands-on examples.
- RAG Security — Learn how RAG systems can be poisoned and manipulated.
- MCP Security — Explore Model Context Protocol vulnerabilities.
- Red Teaming Methodology — Apply structured adversarial testing to AI systems.
Attack Techniques by Category
Prompt Injection (CRITICAL)
Manipulate LLM behavior by crafting malicious inputs. Includes direct injection, indirect injection via external data sources, and multi-turn jailbreaks.
Read Guide →
Data Exfiltration (CRITICAL)
Extract sensitive training data, system prompts, or internal configurations from LLM APIs and model endpoints.
Read Guide →
Model Extraction (HIGH)
Steal model weights, architecture, or capabilities through carefully crafted queries and output analysis.
Read Guide →
Supply Chain Attacks (HIGH)
Poison model registries, compromise training pipelines, or inject malicious code into AI frameworks and dependencies.
Read Guide →
RAG Poisoning (HIGH)
Inject malicious documents into vector databases, manipulate embeddings, or poison retrieval results to alter LLM outputs.
Read Guide →
Agentic Goal Hijacking (MEDIUM)
Redirect autonomous AI agents from their intended goals to malicious objectives by manipulating context or tool outputs.
Read Guide →
Function Call Injection (MEDIUM)
Force LLMs to invoke unintended functions or APIs by manipulating tool descriptions and conversation context.
Read Guide →
Adversarial Examples (LOW)
Craft subtle input perturbations that cause models to misclassify or produce incorrect outputs, targeting vision, audio, and text models.
Read Guide →
Latest Additions
- AI Security Incidents 2026 Timeline — Real-world breaches and CVE disclosures.
- OpenClaw / Hermes Agent Security — Security hardening for AI agent frameworks.
- OWASP Top 10 for Agentic Applications — New risks for autonomous AI agents.
- AI Incident Response Playbook — Step-by-step breach response procedures.
Ready to Test Your Skills?
Apply what you have learned with our hands-on testing guides and tool recommendations.