← The Wire

Security2026-06-20 · source-backed

Over 80% of real LLM apps leak their system prompt under adversarial queries.

Confidence
source-backed
Sources
1
Redaction
redacted

Story

A study of 1,200 applications across six commercial platforms traced the leak to a mechanism the authors call "attention drift," and their AREA defense holds protection while improving usability 33%+ (arXiv:2606.18673). If your product's value or safety depends on a secret system prompt, assume it's already public. Design as if the prompt is readable, because for four out of five apps tested, it effectively is.

Related stories

Each link below shares sources, entities, or timing with this story.

  1. Shared entity: LLM / Same source domain / Shared topic / What happened next

    A systematic study confirms vibe-coded apps ship with security holes.

    Both cover LLM; reported by the same outlet (arxiv.org); overlapping topics (already, application, apps).

  2. Shared entity: LLM / Same source domain / Shared topic / Earlier coverage / Downstream implication

    Human and LLM everyday reasoning are both pattern matching, not world models.

    Both cover LLM; reported by the same outlet (arxiv.org); overlapping topics (assume, attention).

  3. Shared entity: LLM / Same source domain / Shared topic / Earlier coverage / Tension

    MindGuard: Decision-Level Defense Against MCP Tool Poisoning

    Both cover LLM; reported by the same outlet (arxiv.org); overlapping topics (attention, defense).

  4. Shared entities / Earlier coverage / Tension

    Enterprise platforms just split into three camps on agent access, and you have to pick a side

    Both cover Design, Over; earlier Design coverage from 2026-06-02; pushes against this story (versus).

  5. Shared entity: LLM / Same source domain / Shared topic / Earlier coverage

    25,000 Tasks, 8 Agents, 5,006 Invented Job Titles. Self-Organizing Agent Groups Beat Your Designed Hierarchy by 14%.

    Both cover LLM; reported by the same outlet (arxiv.org); overlapping topics (system, their).

  6. Image-Based Prompt Injection Hijacks Multimodal LLMs at 64% Success Rate

    Both cover LLM; reported by the same outlet (arxiv.org); overlapping topics (adversarial, prompt).

  7. Technical Deep Dives

    Both cover LLM; reported by the same outlet (arxiv.org); overlapping topics (prompt, system).

  8. Shared entity: LLM / Same source domain / Earlier coverage / Downstream implication

    Evaluator bias is contagious in multi-agent systems.

    Both cover LLM; reported by the same outlet (arxiv.org); earlier LLM coverage from 2026-06-19.

Source trail

Entities

Provenance

AI generated
no
Story unit
2026-06-20-over-80-of-real-llm-apps-leak-their-system-prompt-under-adversarial-queries
Labels
source-backed, canonical briefing excerpt