
Preamble Unveils “Prompt Injection 2.0” Research and Releases Open Source AI Security Testing Platform

Pittsburgh-based AI security pioneer publishes major research on hybrid AI threats and democratizes advanced security testing tools for the global AI community

PITTSBURGH, PA – July 23, 2025 – Preamble, the veteran-led AI security company that first discovered prompt injection vulnerabilities in 2022, recently announced the publication of its comprehensive research paper “Prompt Injection 2.0: Hybrid AI Threats” and the simultaneous release of its Prompt Injector open source security testing toolkit.

New Research Addresses Next-Generation AI Threats
Published on arXiv, “Prompt Injection 2.0: Hybrid AI Threats” represents the most comprehensive analysis to date of how modern prompt injection attacks have evolved to combine with traditional cybersecurity exploits, creating unprecedented hybrid threats that systematically evade conventional security controls.

“The AI threat landscape has fundamentally transformed with the emergence of agentic AI systems,” said Jeremy McHugh, D.Sc., CEO and co-founder of Preamble. “Our latest research demonstrates how attackers can now combine prompt injection techniques with traditional web vulnerabilities like Cross-Site Scripting and Cross-Site Request Forgery to create hybrid attacks that render traditional security measures ineffective.”

The research, authored by McHugh alongside Kristina Šekrst and Jon Cefalu, builds upon Preamble’s foundational 2022 work that first identified prompt injection vulnerabilities in OpenAI’s GPT-3. The new study addresses critical security gaps in:

  • Agentic AI Systems: Where LLMs autonomously perform multi-step tasks through tools and agent coordination
  • AI Worms and Multi-Agent Infections: Self-propagating threats that spread across AI systems
  • Hybrid Cyber-AI Attacks: Novel combinations of AI manipulation and traditional cybersecurity exploits
  • Traditional Security Control Failures: How web application firewalls, XSS filters, and CSRF tokens fail against AI-enhanced attacks

Open Source Tool Democratizes Enterprise-Grade AI Security Testing
Concurrent with the research publication, Preamble released Prompt Injector v1.0.6, a professional desktop AI security testing platform now available as open source software under the Apache 2.0 license. The tool, accessible at github.com/preambleai/prompt-injector, brings enterprise-grade AI security testing capabilities to the global security community.

“By open-sourcing our professional testing platform, we’re democratizing access to advanced AI security tools,” explained McHugh. “This reflects our commitment to elevating security standards across the entire AI ecosystem, not just for our enterprise customers.”

Key features of Prompt Injector include:

  • Comprehensive Attack Payloads: Test scenarios for various prompt injection attacks
  • Multi-Model Support: Compatible with OpenAI, Anthropic, Google, Grok, and Ollama
  • Testing History: Detailed AI security testing history
  • Local Deployment: Desktop application ensures sensitive testing data remains under user control and minimizes costs
  • Professional Grade: Toolkit designed for AI security experts and researchers

Industry Impact and Validation
The research findings have significant implications for organizations deploying AI systems, particularly in enterprise and government environments where security is paramount. Traditional security professionals who rely on established tools like web application firewalls and input sanitization will need to reconsider their approaches to AI system protection when embedding AI services in web applications.

“This research validates what we’ve been telling enterprises and government agencies: AI security requires modern solutions that understand the unique attack vectors of language models,” said McHugh. “Traditional cybersecurity tools simply weren’t designed for AI-powered systems.”

About Preamble’s AI Security Leadership
Founded in 2021 by U.S. Air Force veteran Jeremy McHugh, Preamble has established itself as the definitive authority on AI security through a combination of pioneering research, patent-protected technology, and enterprise-grade solutions.

The company’s achievements include:

  • First Discovery: Identified prompt injection vulnerabilities in GPT-3 (May 3, 2022) and responsibly disclosed to OpenAI
  • Patent Protection: Holds comprehensive patents for prompt injection mitigation technology (granted October 2024)
  • Research Leadership: Multiple peer-reviewed publications advancing the field of AI security
  • Strategic Partnerships: Collaborations with NVIDIA, IBM, Carahsoft, and U.S. government agencies
  • Platform Innovation: The Preamble ATP (AI Trust Platform) provides comprehensive security, safety, and governance solutions

Driving the Future of AI Security
As organizations worldwide grapple with the security implications of AI adoption, Preamble’s dual commitment to advancing research and providing practical solutions positions the company at the forefront of this critical field. The simultaneous release of cutting-edge research and open source tools demonstrates a unique approach to industry leadership that benefits both commercial clients and the broader security community.

“Our mission extends beyond protecting our customers’ AI systems,” McHugh noted. “We’re working to establish the foundational security practices that will enable safe AI adoption across all sectors of the economy.”

Availability and Access
The complete research paper “Prompt Injection 2.0: Hybrid AI Threats” is available at arxiv.org/abs/2507.13169. The Prompt Injector open-source platform can be downloaded from github.com/preambleai/prompt-injector, with comprehensive documentation and community support available through the project repository.

About Preamble
Founded in 2021, Preamble is the pioneer in AI security operations, providing the full-stack cybersecurity solution for AI. Based in Pittsburgh, PA, the veteran-led company protects business assets with the industry’s most versatile and customizable platform for AI security and compliance. Preamble secures AI with a customizable platform, protecting AI systems from threats, compliance risks, and misuse so organizations can innovate with confidence. The company maintains strategic partnerships with NVIDIA, IBM, Carahsoft, and key government agencies. For more information, visit preamble.com.
