Incident · curated 27 Jun 2026
First reported 15 Jun 2026 · 11d ago
Single-source incident — first reported, latest, and curated coincide.
It quantifies where a deployed LLM's guard stack fails against indirect prompt injection and MCP tool poisoning, helping defenders prioritize mitigation for agentic deployments.
A black-box prompt injection susceptibility assessment of GPT-5 Nano using the IPI Taxonomy v0.13 across 201 analyzed test cases, reporting a 38.3% overall susceptibility rate. The model was fully resistant to surface-level attacks (CSS concealment, HTML cloaking, SEO phishing, RAG corpus poisoning) but highly vulnerable to recursive instruction framing (100%) and MCP tool description poisoning (80%).
Why it matters
It quantifies where a deployed LLM's guard stack fails against indirect prompt injection and MCP tool poisoning, helping defenders prioritize mitigation for agentic deployments.