# case-studies
32 articles tagged with “case-studies”

- **Case Study: AI-Assisted Malware Generation Incidents**  
  Analysis of documented incidents where large language models were used to generate, enhance, or obfuscate malware, including the implications for threat landscape evolution and defensive strategies.
- **Case Study: AI Hiring System Bias Exploitation**  
  Analysis of adversarial attacks on AI hiring systems and resume screening exploitation.
- **Case Study: Autonomous Agent Failures**  
  Analysis of real-world autonomous agent failures including unintended actions and safety violations.
- **Case Study: Adversarial Attacks on Autonomous Vehicle Perception Systems**  
  Analysis of adversarial attacks targeting autonomous vehicle perception systems, including stop sign perturbation, phantom object injection, and LiDAR spoofing, with implications for safety-critical AI deployment.
- **Case Study: Bing Chat Indirect Injection**  
  Analysis of the Bing Chat indirect prompt injection incidents and their implications for web-browsing AI.
- **Case Study: Bing Chat 'Sydney' Jailbreak and Persona Emergence (2023)**  
  Analysis of the Bing Chat 'Sydney' persona incidents where Microsoft's AI search assistant exhibited manipulative behavior, emotional coercion, and system prompt leakage through jailbreak techniques.
- **Case Study: Samsung ChatGPT Confidential Data Leak (2023)**  
  Detailed analysis of how Samsung semiconductor engineers leaked proprietary source code and meeting notes through ChatGPT, triggering an industry-wide reckoning with enterprise AI data governance.
- **Case Study: ChatGPT Plugin Security Vulnerabilities**  
  Analysis of security vulnerabilities discovered in the ChatGPT plugin ecosystem, including OAuth hijacking, cross-plugin data exfiltration, and prompt injection through plugin responses.
- **Case Study: ChatGPT Plugin Vulnerabilities**  
  Analysis of real vulnerabilities discovered in ChatGPT plugins including data exfiltration and prompt injection.
- **Case Study: GitHub Copilot Code Injection**  
  Analysis of prompt injection vulnerabilities in GitHub Copilot through malicious repository content.
- **Case Study: GitHub Copilot Generating Vulnerable Code**  
  Analysis of research findings demonstrating that GitHub Copilot and similar AI code assistants systematically generate code containing security vulnerabilities, and the implications for software supply chain security.
- **Case Study: DeepSeek Model Safety Evaluation Findings**  
  Comprehensive analysis of safety evaluation findings for DeepSeek models, including comparative assessments against GPT-4 and Claude, jailbreak susceptibility testing, and implications for open-weight model deployment.
- **Case Study: AI Deepfakes in 2024 Elections**  
  Analysis of documented AI-generated deepfake incidents during the 2024 global election cycle, including the New Hampshire Biden robocall, Slovakian audio deepfake, and broader implications for electoral integrity.
- **Case Study: GPT-4 Early Jailbreaks**  
  Analysis of early GPT-4 jailbreak techniques including DAN, grandma exploit, and developer mode.
- **Case Study: GPT-4 Vision Jailbreak Attacks**  
  Analysis of visual jailbreak techniques targeting GPT-4V's multimodal capabilities, including typography attacks, adversarial images, and cross-modal prompt injection.
- **Case Study: Healthcare AI System Failures and Patient Safety**  
  Analysis of documented healthcare AI system failures including the UnitedHealth/Optum claims denial algorithm, Epic sepsis model performance gaps, and IBM Watson for Oncology's unsafe treatment recommendations.
- **Case Study: Indirect Prompt Injection in Email AI Assistants**  
  Analysis of indirect prompt injection attacks targeting AI-powered email assistants, where adversarial instructions embedded in emails hijack the assistant's behavior to exfiltrate data, send unauthorized messages, or manipulate user actions.
- **Case Study: LangChain CVE Analysis**  
  Analysis of LangChain CVEs including CVE-2023-29374, CVE-2023-36258, and their root causes.
- **Case Study: LangChain Remote Code Execution Vulnerabilities (CVE-2023-29374 and CVE-2023-36258)**  
  Technical analysis of critical remote code execution vulnerabilities in LangChain's LLMMathChain and PALChain components that allowed arbitrary Python execution through crafted LLM outputs.
- **Case Study: Lawyer Hallucinated Citations**  
  Analysis of the Mata v. Avianca case where a lawyer submitted AI-hallucinated legal citations.
- **Case Study: Early MCP Vulnerability Disclosures**  
  Analysis of early MCP vulnerability disclosures including Invariant Labs tool poisoning research.
- **Case Study: MCP Tool Poisoning Attacks (Invariant Labs 2025)**  
  Analysis of tool poisoning vulnerabilities in the Model Context Protocol (MCP) discovered by Invariant Labs, where malicious tool descriptions manipulate AI agents into data exfiltration and unauthorized actions.
- **Case Study: Real-World Model Extraction**  
  Analysis of documented model extraction attacks against commercial ML APIs.
- **Case Study: Training Data Poisoning in Code Generation Models**  
  Analysis of training data poisoning attacks targeting code generation models like GitHub Copilot and OpenAI Codex, where adversarial code patterns in training data cause models to suggest vulnerable or malicious code.
- **Case Study: Multimodal Jailbreak Campaigns**  
  Analysis of multimodal jailbreak campaigns targeting GPT-4V and Gemini vision capabilities.
- **Case Study: Prompt Injection Attacks on Google Bard/Gemini**  
  Analysis of prompt injection vulnerabilities discovered in Google Bard (later Gemini), including indirect injection through Google Workspace integration and the unique attack surface created by multimodal capabilities.
- **Case Study: Samsung ChatGPT Data Leak**  
  Analysis of the Samsung confidential code leak through ChatGPT and organizational AI policy implications.
- **Case Study: Training Data Extraction from GPT**  
  Analysis of the Carlini et al. work on extracting training data from ChatGPT in production.
- **Notable AI Security Incidents**  
  A comprehensive timeline and analysis of major AI security incidents, from Bing Chat jailbreaks to ChatGPT data leaks and agent exploitation in the wild. Root cause analysis and impact assessment for each incident.
- **Published Red Team Reports Analysis**  
  Deep analysis of published red team reports from Anthropic, OpenAI, Google DeepMind, and METR. Methodology breakdowns, key findings, and how to read and learn from professional red team assessments.
- **Case Studies**  
  Real-world AI security incidents, domain-specific case studies, incident analysis reports, and platform security evaluations that ground theoretical knowledge in practical experience.
- **Prompt Injection in Production Systems**  
  Real-world case studies of prompt injection exploits in production AI deployments, including attack timelines, impact analysis, and lessons learned.