Tweet
We are going to demonstrate 2 tools in DemoLabs this year.
https://defcon.org/html/defcon-33/dc...#content_60861
MPIT (Matrix Prompt Injection Tool)
MPIT is a prompt injection testing tool for LLM app pentest.
---------------------------------------------------
ShinoLLMApps (Vulnerable LLM App)
ShinoLLMApps is a collection of intentionally vulnerable LLM-based web apps designed to demonstrate and test prompt injection attacks. Each app simulates real-world use cases—like e-commerce chat assistants with DB access, AI Agent with RAG, tools, or even LLM based WAF.
https://defcon.org/html/defcon-33/dc...#content_60861
MPIT (Matrix Prompt Injection Tool)
MPIT is a prompt injection testing tool for LLM app pentest.
- Generate attack patterns based on 5 elements
- Simulation mode for testing locally
- Attack mode for attack the actual web LLM app
- Enhance mode to update the attack pattern to get a better success rate
- Genetic Algorithm to select and produce the best patterns
- Report
- Executive Summary
- Charts
- Sample Success Patterns
- Sample Failed Patterns
- Definition of vulnerabilities
---------------------------------------------------
ShinoLLMApps (Vulnerable LLM App)
ShinoLLMApps is a collection of intentionally vulnerable LLM-based web apps designed to demonstrate and test prompt injection attacks. Each app simulates real-world use cases—like e-commerce chat assistants with DB access, AI Agent with RAG, tools, or even LLM based WAF.
- ShinoLLMApps cover these vulnerabilities
- Prompt Leaking
- XSS
- SQL Injection
- RCE or OS Command Injection
- Markdown Injection
- Bypass Security (WAF)
- It has also a CTF platform to get an idea of attack scenario and test your prompt injection skills