Whistleblower is a offensive security tool for testing against system prompt leakage and capability discovery of an AI application exposed through API. Built for AI engineers, security researchers and folks who want to know what's going on inside the LLM-based app they use daily

PromptMe is an educational project that showcases security vulnerabilities in large language models (LLMs) and their web integrations. It includes 10 hands-on challenges inspired by the OWASP LLM Top 10, demonstrating how these vulnerabilities can be discovered and exploited in real-world scenarios.

Resk is a robust Python library designed to enhance security and manage context when interacting with LLMs. It provides a protective layer for API calls, safeguarding against common vulnerabilities and ensuring optimal performance. And safe layer again Prompt Injection.

Data Analysis of the results of llmail-inject challenge

Lakera Gandalf AI challenge's step by step walkthrough, showcasing real-world prompt injection techniques and LLM security insights.

Utterly unelegant prompts for local LLMs, with scary results.

Proof of Concept (PoC) demonstrating prompt injection vulnerability in AI code assistants (like Copilot) using hidden Unicode characters within instruction files (copilot-instructions.md). Highlights risks of using untrusted instruction templates. For educational/research purposes only.

FRACTURED-SORRY-Bench: This repository contains the code and data for the creating an Automated Multi-shot Jailbreak framework, as described in our paper.

Datasets e instruções-base do Desafio Auditor Sr. Analytics (Auditoria Contínua, Metodologia e IA). Inclui transacoes.csv, logs_ia.csv e DATA_DICTIONARY.md, com dados fictícios para análise com Spark/SQL e avaliação de riscos em processos com LLM.