Another Prompt Bites the Dust: Practical Prompt Injection Testing and Guardrail Bypass with spikee
Donato Capitella - 44CON 2025
In this talk, Donato shares insights and tooling we developed at Reversec from two years of security assessments of LLM applications and GenAI use cases, focusing on practical cyber security risks. These risks stem from the interaction between LLMs and the applications that rely on them, and they lead to exploitable outcomes such as data exfiltration, XSS, and resource exhaustion, rather than the generation of harmful content seen in typical “LLM red teaming”. Donato also introduces Spikee, an open-source tool to tackle these challenges, aimed at practitioners such as security testers and developers. Built from our hands-on experience, Spikee addresses the specific prompt injection risks in LLM applications, enabling evaluation of vulnerabilities across the entire LLM application pipeline and providing actionable insights to secure these systems.