PROMPTGUARD BLOG
Latest news and updates about AI security and PromptGuard.
Loading articles...
Why We Self-Host Our Security Stack (And You Should Too)
Sending your data to a security vendor is an oxymoron. If you care about privacy, your security tools should run in your VPC.
LangChain Is Unsafe by Default: How to Secure Your Chains
LangChain makes it easy to build agents. It also makes it easy to build remote code execution vulnerabilities. Here is the right way to secure your chains.
PCI-DSS for AI: Don't Let Your Chatbot Touch Credit Cards
If your AI agent sees a credit card number, your entire compliance scope just exploded. Here is how to keep your PCI audit boring.
HIPAA and LLMs: You Are Scoping It Wrong
Compliance teams are terrified of AI because they don't understand it. Here is the engineering guide to shipping HIPAA-compliant AI without losing your mind.
The $50,000 Prompt Injection
We simulated a data breach via LLM. The costs weren't in the fines—they were in the cleanup. Here is the breakdown of the hidden costs of unsecured AI.
Why Support Bots Are Your Biggest Security Hole (And How We Fix It)
We've seen how easy it is to trick a helpful bot into leaking user data. Here is the architecture we recommend to prevent it without killing the user experience.
Your RAG Pipeline Is a Remote Code Execution Vulnerability
You are pulling untrusted HTML and PDFs into your secure context. If you aren't scrubbing them for hidden instructions, you are vulnerable to indirect injection.
The Cost of False Positives (And How We Minimize Them)
Blocking a real user is worse than missing an attack. Here is how we tuned our detection engine to stop 47,000 attacks with only 230 false alarms.
The Case for Radical Transparency in Security
Security tools have a bad habit of being black boxes. 'Block' is not an error message. Here is why we show you the full stack trace of every decision.
Regex is Not Enough: How We Built PII Detection That Doesn't Suck
PII detection is easy if you don't care about false positives. If you do, it's a nightmare. Here is how we combined Regex, Context, and ML to catch sensitive data without blocking legitimate users.
You Can't Regex Your Way Out of Prompt Injection
We blocked 32,000 injection attempts last month. Here is why keyword filters failed us, and the defense-in-depth architecture that actually works.
The Day an AI Agent Deleted Our Logs
We gave an AI agent permission to 'clean up'. It cleaned up everything. Here is the architecture we built to prevent it from happening again.
Stop Manually Updating Your SDKs: Why We Built a CLI
Security that requires manual code changes is security that gets skipped. Here is why we built a CLI to secure codebases automatically.
How We Built a Sub-10ms AI Firewall
Security is useless if it destroys your latency. Here is the engineering story of how we optimized PromptGuard's hybrid architecture to inspect prompts in 8ms.
The Physics of Latency: Why We Don't Use LLMs to Secure LLMs
Everyone wants AI security, but nobody wants to add 500ms to their request. Here is why we bet on classical ML and Rust for our detection engine.
What 100 Million Attacks Taught Us About AI Security
We analyzed the last 100M requests blocked by PromptGuard. The data surprised us. It's not hackers—it's regular users trying to break your rules.
Why We Built Red Teaming Into the Gateway
You wouldn't ship code without unit tests. Why do you ship AI prompts without security tests? Introducing automated Red Teaming.
Why We Open Sourced Our AI Firewall
Security through obscurity is dead. We built PromptGuard because we were tired of black-box security tools that we couldn't audit. Here is why we made it open source.