Live Demo: Prompt Injection in AI Agents with n8n

admin · Artificial Intelligence, Cybersecurity

AI security is not just theory. At Montevive AI, we have prepared a live demonstration showing how prompt injection attacks work on AI agents with tool-using capabilities, and why it is critical to understand these vulnerabilities when implementing AI in your company.

What is Prompt Injection?

Prompt injection is an attack technique where a malicious user manipulates an AI model's instructions to execute unauthorized actions. When the agent has access to tools (APIs, databases, external services), the risk multiplies: it can exfiltrate sensitive information, modify data, or execute unintended commands.

The Experiment: Model Testing

Before setting up the demo, we tested the resistance of different local models:

Mistral v0.3

  • Result: Could not use tools correctly
  • Conclusion: Technical limitations ruled it out for the demo

Mistral Nemo

  • Result: Completely resistant at both temperature settings tested
  • Notable Behavior: Flagged the malicious payload as suspicious
  • Conclusion: Excellent capability to detect manipulation attempts

Qwen2.5:14b

  • Result: Vulnerable to prompt injection
  • Use: Selected for the demonstration due to its ability to use tools

The Demo: Attack Architecture

We set up a complete environment with n8n (open-source automation platform) and Ollama to run local models:

System Components

  1. AI Agent in n8n with the Qwen2.5:14b model via Ollama
  2. Available Tools:
    • fetch_url: To fetch web content
    • http_post: To send data to external endpoints
  3. Demo-server: Receiver server with a /view endpoint to visualize exfiltrations

Technical Configuration

During setup, we solved several technical challenges:

  • Correct body mapping in the http_post node using $fromAI('data')
  • Local network access: n8n bound to 0.0.0.0 with secure cookies disabled (required for plain-HTTP access from other hosts on the local network; a demo-only setting)
  • Visualization endpoint: /view on the demo-server to monitor exfiltrations in real-time

The Attack: Successful Exfiltration

The demonstration successfully exfiltrated critical information from the agent:

  • Complete system prompt (the agent's internal instructions)
  • API keys (access credentials)
  • Conversation history (complete context of previous interactions)

All of this was extracted via prompt injection and sent to the external server through the very tools the agent had available.

Infrastructure and Reproducibility

The entire project is documented and ready to reproduce:

  • run-n8n-demo.sh: Single script to launch all services
  • README.md and CLAUDE.md: Complete setup documentation
  • Organized repository: 2 commits with all the configuration

Why Does This Matter?

This demonstration is not an academic exercise. It is a practical warning for companies implementing AI agents:

  1. Not all models are equally secure against manipulation, but none is infallible: following instructions found in their input is how language models work by design
  2. Agents with tools are attack vectors if not properly protected
  3. Local AI is not automatically secure: it requires rigorous configuration and testing
  4. Input and output validation is critical in production systems

Lessons Learned

  • Security architecture must include prompt validation
  • Agents with tools need sandboxing and clear limits
  • Security testing must be part of development, not an afterthought

Repository

We have released the code on GitHub:
https://github.com/montevive/prompt-injection-demo

Secure Implementation at Montevive AI

At Montevive AI, when we implement AI agents for our clients, we apply multiple layers of security:

  • Model selection with proven resistance to manipulation
  • Tool sandboxing with the minimum necessary permissions
  • Input and output validation in every interaction
  • Continuous monitoring for anomalous behaviors
  • Local infrastructure that keeps sensitive data within your network

Conclusion

AI is a powerful tool, but like any technology, it requires responsible and risk-aware implementation. This demonstration shows that vulnerabilities are real, but also that more resistant models and architectures exist.

Do you want to implement AI in your company securely? At Montevive, we help you design local AI systems that protect your data and minimize security risks.

Contact us for a consultation on secure AI implementation.