Prompt injection is the SQL injection of the AI era. As enterprises rapidly deploy LLM-powered applications - from chatbots to autonomous agents - attackers are exploiting a fundamental flaw: these systems cannot reliably distinguish between instructions and data. This research demonstrates novel prompt injection attacks that bypass existing defenses, compromise enterprise LLM applications, and exfiltrate sensitive data through tool abuse.

We present live exploitation of popular LLM platforms including ChatGPT plugins, Microsoft Copilot, enterprise RAG systems, and AI agents with tool-calling capabilities. Our attacks achieve system prompt extraction, policy override, unauthorized tool execution, and data exfiltration, even against systems claiming injection protection. We also introduce indirect injection attacks where malicious instructions embedded in documents, web pages, or emails compromise applications without user awareness.

To defend against these threats, we release PromptGuard - a security framework featuring provenance-aware instruction handling, multi-layer detection, tool-call validation with RBAC enforcement, and automated prompt sanitization. Attendees receive open-source offensive and defensive tools, attack test suites, and integration guides for securing production LLM applications.