Independent AI researcher Johann Rehberger (previously) has had an absurdly busy August. Under the heading The Month of AI Bugs he has been publishing one report per day across an array of different tools, all of which are vulnerable to various classic prompt injection problems. This is a fantastic and horrifying demonstration of how widespread and dangerous these vulnerabilities still are, almost three years after we first started talking about them.

Johann’s published research in August so far covers ChatGPT, Codex, Anthropic MCPs, Cursor, Amp, Devin, OpenHands, Claude Code, GitHub Copilot and Google Jules. There’s still half the month left!

The Summer of Johann: prompt injections as far as the eye can see

Previously:

/blog/2025/06/15/prompt-injection-continues-to-be-a-major-vector-of-attack-for-llms/?utm_source=rss&utm_medium=rss&utm_campaign=prompt-injection-continues-to-be-a-major-vector-of-attack-for-llms
/blog/2025/04/23/notes-on-llms/
/blog/2025/08/06/trust-in-the-world-of-ai/