fatcousin
// case comparison

prompt injection vs phishing

security sees social-engineering outcomes. case A is llm-prompt-injection: adversarial user prompt, retrieved document, or MCP tool result bending model behavior — evidence in attempt logs and guardrail scores. case B is phishing-campaign: org-wide lure URLs, kit fingerprints, and shared redirect chains across mailboxes. wrong call sends you to llm-prompt-injection-attempt-log-forensic-analyzer when you need phishing-url-email-extractor — or treats a jailbreak doc upload as a broad email campaign.

primary tools · side by side

ordered entry points from the case-type taxonomy. highlighted rows appear in both case types' editorial tool lists.

case a

LLM prompt injection

adversarial input — user prompt, retrieved doc, MCP tool result, uploaded attachment — manipulates an LLM into ignoring its system prompt or executing unintended actions. evidence is the attempt log, the matched pattern cluster, the indirect-injection carrier artifact, and the guardrail bypass score. distinct from ai-agent-runaway (autonomous scope creep with a benign prompt) and insider-threat (human actor with no model in the path).

  1. 01llm prompt injection attempt log forensic analyzerdrop llm api/chat injection log export · parse user turn + matched pattern + model response · runs locally
  2. 02prompt injection attempt detector in uploaded docdrop pdf / docx / image · detect known prompt-injection payload patterns · runs locally
  3. 03indirect prompt injection document artifact detectordrop uploaded doc + chat export · detect hidden instruction payloads in attachments · runs locally
  4. 04mcp prompt injection via tool result detectordrop mcp server tool result log · detect injection payloads in tool responses · runs locally
  5. 05rag prompt injection via retrieved doc detectordrop retrieved docs · detect injection payloads in retrievals · runs locally
  6. 06llm jailbreak conversation artifact detectorscan conversation exports for dan · roleplay bypass · injection patterns · severity · export csv · runs locally
  7. 07llm guardrail bypass score anomaly detectordrop safety classifier log export · detect score manipulation + threshold edge cases · runs locally
case b

phishing campaign investigation

scope a campaign across a victim org — IOC extraction, kit fingerprinting, infrastructure pivoting.

  1. 01phishing email header analyzerpaste email headers · trace delivery hop chain · flag SPF · DKIM · DMARC mismatches · extract sender IPs · detect header injection · identify spoofing · runs locally
  2. 02phishing URL extractor from email bodydrop eml files or paste email body html · extract all urls from email body and headers · decode obfuscated and redirected urls · surface phishing indicators and malicious link patterns · runs locally
  3. 03email attachment scannerdrop .eml or .msg · extract every attachment · check MIME type vs actual content · flag macro-enabled docs · executables disguised as other formats · export inventory · runs locally
  4. 04url redirect chain tracerpaste shortened URLs · trace full redirect chain via proxy · detect malicious redirects · show final destination · flag suspicious hops · runs locally
  5. 05domain reputation analyzerpaste domains or IPs · score by entropy · TLD risk · homoglyph detection · DGA patterns · punycode abuse · age heuristics · no external lookup · runs locally
  6. 06ioc extractordrop any file or paste text · extract indicators of compromise · ips · domains · urls · hashes · emails · cves · export stix · csv · runs locally
  7. 07ioc deduplicator and normalizerdrop multiple ioc lists from any format · deduplicate · normalize · classify by type · validate format · enrich with context · export in stix csv and plain text formats · runs locally
  8. 08javascript deobfuscatorpaste obfuscated javascript · packed js · fromcharcode · atob · hex unicode · beautify · html script extract · iocs · runs locally

editorial overlap

no shared editorial tools — these case types diverge at the tool level.

lean toward…

disambiguation signals derived from case-type descriptions and common practitioner confusion points.

lean toward prompt injection if you see…

  • matched injection pattern, jailbreak cluster, or guardrail bypass score in LLM attempt logs
  • indirect-injection carrier in uploaded doc, RAG chunk, or MCP tool result with imperative override text
  • attack vector is model input stream — not shared lure URL across multiple users' inboxes

lean toward phishing if you see…

  • multiple users hit by same lure URL, kit, or redirect chain in email exports within a short window
  • campaign IOC extraction: shared domains and kit fingerprints — not single-chatbot session manipulation
  • credential-harvest landing page linked from mail — not adversarial text inside RAG retrieval path
ready