Prompt Injection, Explained Through Lakera's Gandalf
Lakera's Gandalf is the best on-ramp to prompt injection ever built. Here's the full defense taxonomy behind its levels, and why none of it is enough on its own.
Offensive security · AI · Web3 · Web2
DSEC Labs is a technical security firm delivering exploitation-driven audits across applications, infrastructure, smart contracts, and AI systems, with clear, actionable reporting your engineers can act on.
Research & write-ups
Field notes on offensive security across AI, Web3, and Web2.
Lakera's Gandalf is the best on-ramp to prompt injection ever built. Here's the full defense taxonomy behind its levels, and why none of it is enough on its own.
Skip reading about how Gandalf-style guardrails work and build one yourself. A free, offline Python lab using Ollama that implements all eight defense patterns from this series, ready for you to attack.
The final Gandalf levels stack every defense and then harden them with data from a million real attacks. They're beatable too, and that's the most important lesson in the whole series.
What we do
From an AI agent to a multi-chain protocol or a web app, we tailor the engagement to your threat model.
Adversarial testing for LLM apps, agents, and model pipelines.
Smart-contract and full-protocol security across EVM and non-EVM chains.
Offensive security across your apps, APIs, cloud, and people.
Threat modeling, secrets reviews, and AI security training.
Why DSEC Labs
Automated scanners find the obvious. We find the vulnerabilities that actually get you breached: chained, exploited, and demonstrated, then explained in a way your team can fix and verify.
Real attack paths, not scanner output dumped into a PDF.
Reproducible PoCs, severity ratings, and clear remediation.
We re-test your fixes so you can prove the risk is closed.
Tight scoping, NDAs, and careful handling of sensitive access.
Tell us what you're building. We'll scope an engagement that fits your stack, timeline, and threat model.
Start a conversation