PromptArmor

Overview

PromptArmor is an AI security research firm that publishes public disclosures of prompt-injection and data-exfiltration vulnerabilities in shipping enterprise AI products. Its findings have repeatedly surfaced on Hacker News as concrete, reproducible demonstrations that LLM-tool-use security remains unsolved at the integration layer — the seam where an agent’s tool access meets untrusted content. The disclosures consistently target high-profile agentic rollouts (Microsoft Copilot, ChatGPT add-ons), making PromptArmor a recurring source signal in the agent-security thread.

Timeline

• 2026-05-26-AI-Digest — PromptArmor disclosed a file-exfiltration vector in Microsoft’s new Copilot Cowork agent product (HN: 209 pts / 44 cmts), one half of the day’s bidirectional security story alongside Apple crediting Claude for a production kernel CVE.
• 2026-06-01-AI-Digest — PromptArmor disclosed that the ChatGPT for Google Sheets add-on can be tricked into leaking workbook contents via prompt injection (HN: 131 pts / 41 cmts) — another real-world indirect-prompt-injection vulnerability in a shipping enterprise integration.

Key Developments

1. Prompt-injection disclosures against shipping integrations: PromptArmor’s findings target products already in production (Microsoft Copilot Cowork, ChatGPT Sheets add-on), not research prototypes — its niche is demonstrating that the integration layer is where agentic security breaks down.

2. Recurring agent-security signal: Multiple high-profile disclosures across Q2 2026 establish PromptArmor as a reliable bellwether for the “LLM-tool-use security is still unsolved” thesis tracked in the Agent Security MOC.