PROMPT INJECTION
Injection moved downstream
Retrieval, orchestration, and hidden instructions are the new weak point — not the model itself.
Read the injection seriesAI SECURITY INTELLIGENCE
AIPwn tracks prompt injection, tool abuse, exposed endpoints, leaked secrets, and physical AI risks — before they turn into incidents.
Weekly notes, live exposure signals, and release-control thinking for teams building agents, copilots, RAG systems, and embodied AI.
THIS WEEK
Real attack paths, reachable surfaces, and release risks — summarized for builders.
PROMPT INJECTION
Retrieval, orchestration, and hidden instructions are the new weak point — not the model itself.
Read the injection seriesTOOL ABUSE
Fetch, shell, subprocess, and connectors decide how far a single prompt can reach.
See the tool-use researchPUBLIC EXPOSURE
OpenClaw shows which endpoints, docs, and agent interfaces are reachable right now.
Open the watchboardTHREAT SURFACE
Five surfaces where AI risk becomes reachable.
Hidden instructions, poisoned retrieval, and indirect control paths.
Shell, browser, file, connector, and API actions that expand blast radius.
Keys, logs, configs, tokens, and credentials leaked through AI workflows.
Open docs, unauthenticated endpoints, exposed agent interfaces.
Robot, sensor, and action loops where model behavior reaches the real world.
METHOD
Every note follows the same loop — from a vague risk to a call you can act on.
What is the actual exploit chain?
Where is it reachable today?
Should this AI change ship?