New prompt injection and model manipulation techniques are identified at a very fast pace, often resembling zero-day vulnerabilities in traditional penetration testing. At the same time, organizations are moving beyond single-provider deployments - adopting multiple models for different tasks, experimenting with local and open-weight models, and integrating LLMs across different architectural layers. In today’s world, whether it is testing approaches or tools everything quickly becomes outdated, thus making enhancements is essential to maintain the quality and appropriateness of tools. Below are some key changes in "PenTestPrompt" (details of the tool available in our first blog) after our first release: -
Broader Risk Coverage
In its initial version, the tool was focused primarily on generating prompts with various prompt injection attack techniques, enriched with application context. This approach was effective in identifying direct prompt injection issues, but it failed to explicitly factor in impact assessment or structured AI risk frameworks during prompt generation.
A major update in this release is the introduction of risk frameworks directly during the prompt generation process. Prompt creation is now additionally guided by categories and sub-categories including, but not limited to, security, privacy, safety, reliability, fairness, transparency, and data integrity. A niche list of categories and sub-categories is created based on OWASP LLM Top 10, NIST AI RMF, and practical assessment experience.
This allows prompts to be designed with clear risk intent, covering areas such as system prompt leakage, adversarial behavior, hallucinations and context relevance, sensitive and personal data exposure, bias and political influence, harmful or illegal content, unlicensed advice, data exfiltration, and unintended access. As a result, model’s behaviour can now also be assessed with risk and impact dimensions during evaluation.
Support for Combined Attack Techniques
The platform now supports combining two or more techniques to generate a single prompt. This change reflects on carefully crafting the prompts with multiple techniques as effective attack on model may not rely on single prompt technique.
Expanded Model Provider Support
The platform now supports locally hosted LLM, Anthropic, and Gemini models in addition to Open AI. As businesses move towards multi-model and hybrid AI architectures, this enables organization to apply AI security testing using various models for different deployment patterns.
Refined Techniques and System Instructions
We have added new attack techniques and refined existing ones based on our experience from various assessments. System instructions have also been updated to improve the relevance, consistency, and depth of generated prompts. The focus here is not only volume, but quality—ensuring that generated prompts aid in proper coverage of all attack techniques as well as the pillars defined in risk assessment frameworks.
Improved Output and Analysis Format
Results are now downloadable in Excel format, enabling easier filtering, correlation, and visualization of findings to support better internal analysis, and reporting.
Click here to download the new version of "PenTestPrompt".