MPIT - Matrix Prompt Injection Tool and ShinoLLMApps

Presented at DEF CON 33 (2025), Aug. 9, 2025, 1 p.m. (45 minutes).

Prompt injection is an emerging and poorly standardized attack vector targeting large language model applications. Unlike traditional vulnerabilities, there is no universal testing methodology or tooling, making it difficult for penetration testers to assess the security posture of LLM-integrated systems. Matrix Prompt Injection Tool aims to fill this gap by automating the generation of diverse prompt injection payloads. [1] Dynamic Input Detection: MPIT scans target websites to identify expected input fields where LLMs might process user requests. [2] Payload Enrichment: Each pattern includes crafted elements such as exploit strings, delimiters, and reasoning cues, enhancing the quality of the penetration test. [3] Genetic Algorithm Optimization: The tool employs a genetic algorithm to evolve and refine injection patterns, increasing their success rate significantly across different LLM defenses. [4] Practical Utility for Pentesters: MPIT is designed to support real-world offensive security assessments, making LLM-targeted testing more feasible and effective. ShinoLLMApps is a collection of vulnerable LLM web applications that use RAG and tools to help you test MPIT and better understand prompt injection and its risks. More info at github.com/Sh1n0g1/mpit and shinohack.me/shinollmapp.

Presenters:

• Sasuke "Element138" Kondo
  Sasuke is a high school developer with a growing focus on LLM security. While relatively new to cybersecurity, he approaches it with a builder’s mindset shaped by his experience creating web applications for real-world use, such as supporting school operations. His interest in LLM vulnerabilities began at the 2024 Japan Security Camp, where he started developing MPIT, the prompt injector he first presented at CODE BLUE 2024 and is now bringing to DEF CON. Outside cybersecurity, he is a two-time silver medalist in Japan Linguistics Olympiad and a recent participant in Japan Olympiad in AI.
• Shota "Sh1n0g1" Shinogi
  Shota is a security researcher at Macnica, pentest tools author, and CTF organizer. He is an expert in writing tools for red team to evade the detection from EDR, sandbox, IPS, antivirus, and other security solutions. His malware simulator ShinoBOT and ShinoLocker contributes to the cybersecurity industry to help the people who want to test malwares safely. He has more than 15 years of experience in the cybersecurity industry, starting his career with HDD encryption, NAC, IPS, WAF, sandbox, EDR, and penetration testing. He has spoken in several security and hacking conferences, including Black Hat, DEF CON, and BSidesLV. He also contributes to the education for the next generation security engineers through the Security Camp from 2015 consecutively in Japan.

Similar Presentations:

• Black Hat Europe 2015 / Commix: Detecting and Exploiting Command Injection Flaws
• Black Hat USA 2011 / WORKSHOP - The Art of Exploiting Lesser Known Injection Flaws
• DEF CON 33 (2025) / promptmap2 Demo