Pentesting for AI and Large Language Models

This HackerOne report outlines common security vulnerabilities in AI/LLM integrations—prompt injection, system prompt leakage, improper output handling, supply-chain weaknesses, and unbounded resource consumption—illustrates a ChatGPT prompt-injection proof-of-concept that can exfiltrate conversations, and recommends ongoing, methodology-driven pentesting (PTaaS) and best practices to identify and remediate these risks.