Sandyaa is an open-source autonomous source code auditor. Point it at a directory or a git URL and it runs end-to-end: builds context, detects vulnerabilities, writes runnable proof-of-concepts, and emits a findings/ folder where every claim in evidence.json is linked back to a file and line. why to wait for Mythos :))
A few days ago, a research team disclosed GeminiJack, a prompt-injection vulnerability affecting LLM-powered applications.
I recreated the same class of vulnerability as an interactive challenge to demonstrate how subtle prompt injection flaws can bypass guardrails, alter model behavior, and lead to unintended actions in real systems.
This is not a write-up, but a hands-on challenge. If you’re working with LLM apps, RAG pipelines, or AI agents, you can try breaking it yourself and see where traditional controls fail.
Happy to discuss the technical details, threat model, and mitigations in the comments.