Prompt Injection Is Not a Chatbot Problem: How the Attack Surface Changes When Your LLM Has Tools
The AI security field spent two years building prompt injection defenses for chatbots. Input filters, output monitors, adversarial training, instruction hierarchy enforcement. Some of it works reasonably well — for chatbots. Agents are a different problem. The defenses built for chatbot-era prompt injection fail against agentic attack vectors for fundamental architectural reasons, not implementation reasons. […]
The OWASP Agentic Security Initiative Top 10: A Practical Developer Guide for LangChain and CrewAI
OWASP formalized ASI01–ASI10 — the first structured vulnerability taxonomy for AI agents. Here is what each one means in practice, with code examples for LangChain and CrewAI developers. Most developers building AI agents are familiar with OWASP’s LLM Top 10. Fewer know that OWASP has published a separate taxonomy specifically for agentic systems: the Agentic Security Initiative Top 10 (ASI01–ASI10). The distinction matters. Agents are not just LLMs. They use tools, maintain memory, delegate to sub-agents, and take actions in the world. The LLM Top 10 was not designed for this threat model. The ASI Top 10 is. This post walks through each category with concrete examples relevant to developers building on LangChain, CrewAI, and similar frameworks.
Why Claude Haiku Returned UNCERTAIN: Anatomy of an Indirect Prompt Injection in an Agentic System
We ran AgentSafeLabs against Claude Haiku on ASI01 (prompt injection). Two tests passed. One returned UNCERTAIN. Here is exactly what happened and why it matters for anyone building agents. When we ran Claude Haiku through AgentSafeLabs v0.1.2 last week, two of three ASI01 tests returned PASS. The third returned UNCERTAIN. That UNCERTAIN result is more interesting than either PASS or FAIL. This post explains exactly what happened, why it matters, and what it tells us about the current state of prompt injection defenses in agentic systems. The OWASP Agentic Security Initiative Top 10 formalizes the vulnerability taxonomy for AI agents. ASI01 covers prompt injection — but not the kind most developers think of. In a chatbot context, prompt injection looks like this: a user types “ignore your previous instructions and do X.” The model either complies or it doesn’t.