OpenGuard: 'The Webpage Has Instructions. The Agent Has Your Credentials.' — Comprehensive Prompt Injection State-of-the-Union
OpenGuard published a dense technical state-of-the-union on prompt injection (March 15, 2026) covering: OpenAI Operator's 23% attack success rate after mitigations across 31 test scenarios; Agent Security Bench's 84.30% success rate across mixed attacks; MCP tool descriptions as supply-chain attack surface (Invariant Labs GitHub exploit: public issue → private repo → public PR, no compromised server needed); and memory poisoning outlasting sessions with 95%+ success under ideal conditions. The core architectural prescription: map every untrusted content source and every dangerous action separately, then enforce per-task-scoped credentials and treat connector metadata as code. Published as a developer resource for the OpenGuard agent security framework.
Source
↳ Follow the thread