Attack coverage

130+ real attacks. Zero theory.

Every pattern is derived from a real CVE, a published research paper, or an in-the-wild incident. Updated continuously by aiXcheck.

8 categories

The full library

Prompt injection

~25 patterns

Direct and indirect injection, delimiter abuse, instruction-override, ASCII-smuggling, content-type confusion, payload-in-tool-output.

Jailbreak

~20 patterns

DAN/role-play variants, hypothetical framings, token smuggling, many-shot jailbreaks, encoding tricks, refusal-bypass templates.

Tool misuse

~20 patterns

Argument injection, unauthorized tool calls, tool output confusion, parameter pollution, path traversal via tool arguments.

Context manipulation

~15 patterns

Memory poisoning, retrieval-corpus injection, conversation hijacking, fake system messages, context overflow attacks.

System prompt leakage

~15 patterns

Extraction via completion, side-channel via tool args, reflection attacks, prompt recovery through error messages.

Multi-agent pipeline

~18 patterns

Orchestrator-worker privilege escalation, cross-agent context leakage, adversarial sub-agent injection, trust-boundary violations.

MCP security

~12 patterns

Untrusted MCP server registration, tool name collision, schema poisoning, permission drift, resource-URI abuse.

Excessive agency

~10 patterns

Unauthorized side effects, lateral action escalation, destructive tool chaining, consent bypass via context framing.

Grounded in real CVEs

Not inspired by. Derived from.

CVE-2025-68664
LangChain — exploited in AgentGuard's CVE-derived pattern set.
9.3 · Critical

CVE-2024-36480
LangChain remote code execution via vulnerable component.
Critical · RCE

See which of the 130+ hit your agent.