5,5 prompt injection techniques in 15 minutes by Brian Vermeer

A conference talk covering 5.5 prompt injection techniques against LLMs, demonstrated live. Techniques include direct instruction override, structured output attacks (requesting JSON to pressure compliance), roleplaying exploits, multi-turn manipulation (gradually extracting data across chat turns), payload splitting (combining fragments in one prompt), and delimiter confusion (hiding instructions in text). The speaker shows these attacks against GPT-3.5, GPT-4, and GPT-4.1, noting newer models are stronger but not immune, and that combining techniques can bypass even hardened models. Mitigation strategies covered include scanning CLAUDE.md/MCP files for injections, enforcing structured output, using input/output guardrails (LLM-as-a-judge), limiting user input scope, and keeping strict system messages. The speaker warns that blindly downloading skills files or MCP servers is a major attack vector.