Prompt Injection: An Analysis of Recent LLM Security Incidents

NSFOCUS Security Lab | 2025-08-20 | prompt injection | Critical

What Happened

NSFOCUS analyzes multiple real-world prompt injection–driven data leakage incidents involving LLM applications between July and August 2025, including LLMs connected to third-party services like Google Drive, SharePoint, and GitHub.[1] The report describes how attackers used crafted prompts and sharing links to exfiltrate user chat records, credentials, API keys, and confidential business data from integrated SaaS platforms, and it highlights disclosure timelines such as Zenity’s August 6, 2025 vulnerability publication.[1]

Why It Matters

According to NSFOCUS Security Lab, multiple incidents between July and August 2025 involved attackers using prompt injection to exfiltrate user chat histories, credentials, API keys, and confidential data from LLM applications integrated with services like Google Drive, SharePoint, and GitHub.[3] These cases align with broader 2025 reporting that prompt injection is the top-ranked entry in the OWASP Top 10 for LLM Applications and a leading cause of real-world AI data leakage.[1][5] From a CyberSE.AI perspective, these incidents underscore that any LLM or AI agent with SaaS or internal system integrations must be treated as a powerful execution and data-access layer, requiring least-privilege design, robust instruction isolation, and continuous adversarial testing. Organizations should prioritize Secure AI Agent Build and Business Logic Audits to constrain agent permissions, add guardrails on tool and SaaS access, and use Continuous AI Red Teaming and Readiness Assessments to routinely test for prompt-injection-driven data exfiltration paths before attackers find them.

Sectors: Healthcare, Fintech, SaaS, SMB, AI startups

CyberSE Analysis

This signal maps to prompt injection. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.

Recommended Actions

  • Restrict AI agent tool permissions and production write paths.
  • Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
  • Add human approval workflows for high-impact or state-changing actions.
  • Run prompt injection and indirect prompt injection tests against affected workflows.
  • Document the owner, control gap, and remediation deadline for this risk class.
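As an added, constructed illustration of the first three actions above (not code from NSFOCUS or CyberSE.AI): a minimal policy gate an agent runtime would call before executing any tool call the model requests, enforcing a per-agent tool allowlist, an approved-destination list for any URL in tool arguments, and a human-approval hold on state-changing tools. The tool names, hosts and policy values are assumptions.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s\"'<>]+")

@dataclass(frozen=True)
class ToolPolicy:
    """Assumed per-agent least-privilege policy (constructed for this example)."""
    allowed_tools: frozenset   # tools this agent may call at all
    state_changing: frozenset  # tools that write, send or share; need a human approver
    allowed_hosts: frozenset   # the only destinations tool arguments may reference

@dataclass(frozen=True)
class Decision:
    action: str  # "allow", "deny" or "require_approval"
    reason: str

def iter_urls(value):
    """Yield every URL found anywhere inside the (possibly nested) tool arguments."""
    if isinstance(value, str):
        yield from URL_RE.findall(value)
    elif isinstance(value, dict):
        for v in value.values():
            yield from iter_urls(v)
    elif isinstance(value, (list, tuple)):
        for v in value:
            yield from iter_urls(v)

def gate_tool_call(policy, tool, args):
    """Policy check the agent runtime runs before executing a model-requested tool call."""
    if tool not in policy.allowed_tools:
        return Decision("deny", f"tool '{tool}' is not in this agent's allowlist")
    # Data pushed to an attacker-chosen link is the exfiltration shape in the incidents,
    # so every URL in the arguments must resolve to an approved host.
    for url in iter_urls(args):
        host = (urlparse(url).hostname or "").lower()
        if host not in policy.allowed_hosts:
            return Decision("deny", f"argument references untrusted host '{host}'")
    if tool in policy.state_changing:
        return Decision("require_approval", f"'{tool}' is state-changing; needs human approval")
    return Decision("allow", "read-only tool within policy")

# Constructed sample policy for a summarising agent wired to Google Drive and GitHub.
SAMPLE_POLICY = ToolPolicy(
    allowed_tools=frozenset({"drive.read", "github.read", "github.create_issue"}),
    state_changing=frozenset({"github.create_issue"}),
    allowed_hosts=frozenset({"drive.google.com", "github.com"}),
)
```

Every "deny" and "require_approval" decision should also be logged with the originating prompt so that injection attempts surface in detection rather than silently failing.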

Source

https://nsfocusglobal.com/prompt-word-injection-an-analysis-of-recent-llm-security-incidents/