The Wire. Tracking threats to Agents. 312 raw → 45 curated · updated 27 Jun 2026

Lead dispatch · top current threat

A Catalog of Prompt Injection Techniques | Blog | Archestra

A vendor blog catalogs ten basic prompt injection techniques: context ignoring, fake completion, payload splitting, token smuggling via Base64, few-shot poisoning, defined dictionary attacks, virtualization (the "grandma" trick), DAN jailbreak personas, indirect injection through fetched content, and markdown-image data exfiltration. Each is demonstrated with a harmless 'I am a sandwich' test string to show when the injection succeeded.

prompt-injection · jailbreak · data-exfiltration · indirect-prompt-injection
llm · ai-agents

Severity
0.40

The wire · latest

Pwning Agentic AI Part I: Your AI Agent Is Already Compromised | Trend Micro (US)

Trend Micro's TrendAI Research describes a new agentic-AI exploitation pattern they call return-to-tool (RTT) exploits, where embedded instructions in benign-looking untrusted input cause an AI agent to invoke its authorized tools to perform attacker-intended actions such as exfiltrating production database credentials. The research notes a vulnerable PostgreSQL MCP server image pulled over 100,000 times from Docker Hub as a realistic exposure vector.

research · prompt-injection · tool-abuse · data-exfiltration · indirect-prompt-injection · ai-agents · mcp · llm

Polymarket annotation injection

The author found injected annotations on a Polymarket event page that are rendered server-side and therefore visible to LLMs via web_search even when hidden in the browser. A planted annotation (source 'grok') contained a fake emergency-rate-cut message directing users to withdraw funds at a phishing-style domain, representing an indirect prompt-injection vector through Polymarket's annotation API endpoints. Claude's web search saw the content but correctly flagged it as phishing.

analysis · prompt-injection · indirect-prompt-injection · data-exfiltration · llm · web-search · rag

I Found a Prompt Injection in My Own IDS Triage Tool — Triagewall

The author of Triagewall, a local LLM tool that classifies Suricata IDS alerts using Foundation-Sec-8B via Ollama, demonstrated an indirect prompt injection where attacker-controlled URL fields could dictate the model's verdict and confidence. A crafted URL embedding directives caused the model to return exactly the attacker-chosen classification (false_positive, 0.99), bypassing canary-token and schema-validation defenses.

research · prompt-injection · indirect-prompt-injection · llm · ai-agents

How the wire is made

Poll & cluster

The internet is crawled for AI security news; near-duplicate coverage is embedded and grouped into durable incidents.

Curate

An AI agent filters each cluster for agentic-AI relevance, tags it by threat type and affected technology, scores its severity, and writes the summary.

Every item here is one machine-curated intelligence object, not a headline.

Read the wire for free. There is a small charge to ask the index questions.

The wire, open

The complete curated feed, no key required.

Subscribe to the RSS feed

The vector desk

Query the index by meaning, not just keyword.

  • GET /api/items?tags=&minSeverity=&itemType=
  • GET /api/search?q= — keyword
  • GET /api/semantic?q= — vector
Curated from sources around the web.
Permalinks stay valid even if an incident is later merged.