
Prompt Injection: The Hidden Risk in AI Assistants
Hidden instructions in a web page, email, or document can hijack an AI assistant into leaking data or taking actions on your behalf. It's OWASP's #1 LLM risk - and it grows as AI agents gain access.
Security awareness tips, industry news, and product updates.

Hidden instructions in a web page, email, or document can hijack an AI assistant into leaking data or taking actions on your behalf. It's OWASP's #1 LLM risk - and it grows as AI agents gain access.

"Are you available? I need a quick favor." It's the opening line of a gift card scam impersonating your CEO - low-tech, high-volume, and aimed at new and junior staff. Here's the pattern and the one rule that stops it.

empowsec lets you bundle modules into courses, assign them to users or departments with due dates, automate reminders and manager escalations, and set up annual renewals - so compliance training runs itself rather than requiring manual follow-up.

A trusted supplier emails to say their bank details have changed. Pay the new account and the money is gone. Here is how vendor email compromise drives invoice fraud — and the verification controls that stop it.

Consent phishing tricks users into approving a malicious OAuth app — granting attackers token-based access to mail and files without ever touching a password or triggering MFA. Here is how it works and how to shut it down.

empowsec delivers training in each employee's own language: modules, courses, interactive lessons, and phishing templates all support per-language translations, with bulk import tooling and hreflang SEO for public pages.

An 'rn' that reads as an 'm', an extra word, a wrong TLD — lookalike domains impersonate trusted brands in phishing and brand abuse. Here is how to spot them and the controls that blunt them.

A threatening email claims to have webcam footage and demands Bitcoin — and it even quotes one of your old passwords. Here is why these extortion scams are almost always empty bluffs, and how to help employees respond calmly.

empowsec training pages can include spoken narration generated by text-to-speech, available in both English and German, with multiple natural-sounding voice choices per page. Narration improves accessibility and supports learners who absorb information better by listening.

One compromised chatbot integration exposed 700+ organizations through stolen OAuth tokens. The Salesloft Drift attack shows why third-party access is now your biggest blind spot.

The FBI's 2025 Internet Crime Report tallies a record $20.9 billion in losses, with business email compromise close to the top. Here's what the numbers mean and the controls that actually help.

Part 2 of empowsec's interactive page types covers the hands-on practice formats: click-to-match, ordering, fill in the blanks, email red-flag finder, and chat simulation - each designed to make learners practice the skill, not just read about it.