Curious what the PH community thinks. There's a lot of noise about LLM safety, but "safety" and "security" get conflated constantly, and the actual attack surface on an agent in production is its own thing.
From where I sit, the most under-addressed failure modes seem to be:
Indirect prompt injection via retrieved content (RAG sources, tool outputs, even user-uploaded docs)
Tool/function abuse where the agent happily calls something it shouldn't
Trust boundaries between the agent and the systems it can touch
Free hands-on CTFs where you attack live LLM agents: prompt injection, tool abuse, RAG poisoning, and more. Built for security pros and AI engineers who want to understand how AI systems actually break, not just read about it.
