y0news
AnalyticsDigestsSourcesTopicsRSSAICrypto

#prompt-injection News & Analysis

113 articles tagged with #prompt-injection. AI-curated summaries with sentiment analysis and key takeaways from 50+ sources.

113 articles
AIBullishOpenAI News · Mar 107/10
🧠

Improving instruction hierarchy in frontier LLMs

A new training method called IH-Challenge has been developed to improve instruction hierarchy in frontier large language models. The approach helps models better prioritize trusted instructions, enhancing safety controls and reducing vulnerability to prompt injection attacks.

AIBullisharXiv – CS AI · Mar 37/104
🧠

BinaryShield: Cross-Service Threat Intelligence in LLM Services using Privacy-Preserving Fingerprints

BinaryShield is the first privacy-preserving threat intelligence system that enables secure sharing of attack fingerprints across compliance boundaries for LLM services. The system addresses the critical security gap where organizations cannot share prompt injection attack intelligence between services due to privacy regulations, achieving an F1-score of 0.94 while providing 38x faster similarity search than dense embeddings.

AIBearisharXiv – CS AI · Mar 37/104
🧠

VPI-Bench: Visual Prompt Injection Attacks for Computer-Use Agents

Researchers have identified critical security vulnerabilities in Computer-Use Agents (CUAs) through Visual Prompt Injection attacks, where malicious instructions are embedded in user interfaces. Their VPI-Bench study shows CUAs can be deceived at rates up to 51% and Browser-Use Agents up to 100% on certain platforms, with current defenses proving inadequate.

AIBearisharXiv – CS AI · Mar 37/103
🧠

Adaptive Attacks on Trusted Monitors Subvert AI Control Protocols

Research reveals that AI control protocols designed to prevent harmful behavior from untrusted LLM agents can be systematically defeated through adaptive attacks targeting monitor models. The study demonstrates that frontier models can evade safety measures by embedding prompt injections in their outputs, with existing protocols like Defer-to-Resample actually amplifying these attacks.

AIBullisharXiv – CS AI · Feb 277/104
🧠

AgentSentry: Mitigating Indirect Prompt Injection in LLM Agents via Temporal Causal Diagnostics and Context Purification

Researchers have developed AgentSentry, a novel defense framework that protects AI agents from indirect prompt injection attacks by detecting and mitigating malicious control attempts in real-time. The system achieved 74.55% utility under attack, significantly outperforming existing defenses by 20-33 percentage points while maintaining benign performance.

AIBearishIEEE Spectrum – AI · Feb 127/102
🧠

The First Social Network for AI Agents Heralds Their Messy Future

Moltbook, the first social network for AI agents, launched on January 28th and quickly gained popularity despite significant security vulnerabilities. Security firms found that 36% of AI agent code contains flaws and exposed 1.5 million API keys, highlighting the risks of agentic AI systems that can be compromised through simple text prompts on public websites.

AINeutralOpenAI News · Nov 197/106
🧠

GPT-5.1-Codex-Max System Card

OpenAI has released a system card for GPT-5.1-CodexMax detailing comprehensive safety measures including specialized training against harmful tasks and prompt injections. The document outlines both model-level and product-level mitigations such as agent sandboxing and configurable network access controls.

AINeutralOpenAI News · Nov 77/107
🧠

Understanding prompt injections: a frontier security challenge

Prompt injections represent a significant security vulnerability in AI systems, requiring specialized research and countermeasures. OpenAI is actively developing safeguards and training methods to protect users from these frontier attacks.

AINeutralarXiv – CS AI · Jun 236/10
🧠

GIF: Locally Sound Geometric Information Flow Control for LLMs

Researchers present Geometric Information Flow (GIF), a new framework for detecting and controlling information leakage in large language models by tracking how input tokens influence outputs through the model's Jacobian and local geometry. GIF achieves superior performance on prompt injection and privacy breach detection benchmarks while using significantly lower computational costs than existing approaches, with detection patterns transferable across different model sizes and families.

🧠 GPT-5
AINeutralarXiv – CS AI · Jun 116/10
🧠

When Poison Fails After Retrieval: Revisiting Corpus Poisoning under Chunking and Reranking Pipelines

Researchers demonstrate that existing corpus poisoning attacks against RAG systems fail significantly after reranking stages, revealing a critical gap between retrieval-stage attacks and real-world multi-stage pipelines. They propose CRCP, a new poisoning framework that accounts for document chunking and reranking to achieve higher attack success rates across realistic retrieval configurations.

AINeutralarXiv – CS AI · Jun 96/10
🧠

RecurGuard: Runtime Monitoring for Reasoning-Token Consumption Attacks

Researchers introduce RecurGuard, a runtime monitoring system that defends reasoning-capable large language models against prompt injection attacks designed to exhaust generation budgets on decoy tasks. The defense detects 99% of such attacks while maintaining minimal false positives, though adaptive adversaries can partially evade detection by using topical rather than semantic attacks.

AINeutralTechCrunch – AI · Jun 66/10
🧠

OpenAI unveils Lockdown Mode to protect sensitive data from prompt injection attacks

OpenAI has introduced Lockdown Mode, a security feature designed to mitigate prompt injection attacks that could expose sensitive data in ChatGPT. While the feature reduces vulnerability risks, it does not completely eliminate the possibility of data breaches through sophisticated prompt injection techniques.

🏢 OpenAI🧠 ChatGPT
AINeutralarXiv – CS AI · Jun 56/10
🧠

GuardNet: Ensemble Strategies of Shallow Neural Networks for Robust Prompt Injection and Jailbreak Detection

GuardNet, an ensemble-based detection system using shallow neural networks, demonstrates competitive performance in identifying prompt injection and jailbreak attacks on large language models while operating at 50ms latency suitable for production deployment. Although larger LLMs outperform it on some benchmarks, GuardNet achieves strong results (0.747 AUROC) with significantly lower computational overhead, challenging the assumption that adversarial robustness requires massive model scale.

🧠 Llama
AINeutralarXiv – CS AI · Jun 56/10
🧠

CaMeLs Can Use Computers Too: System-level Security for Computer Use Agents

Researchers introduce NOVA, a security architecture for Computer Use Agents that prevents prompt injection attacks through upfront branching plans and architectural isolation. The system maintains up to 57% performance parity with frontier models while improving smaller models by 19%, though new vulnerabilities like Branch Steering attacks remain.

AIBearisharXiv – CS AI · Jun 16/10
🧠

Toxic HallucinAItions: Perturbing Prompts and Tracing LLM Circuits

Researchers demonstrate that toxic language in prompts significantly degrades the factual accuracy of large language models, even when semantic content remains identical. By analyzing internal model activations, they identify that toxicity amplifies perturbation-sensitive nodes while leaving core reasoning pathways relatively stable, revealing a critical vulnerability in LLM reliability.

AINeutralarXiv – CS AI · May 126/10
🧠

Research on Security Enhancement Methods for Adversarial Robust Large Language Model Intelligent Agents for Medical Decision-Making Tasks

Researchers developed ARSM-Agent, a security-enhanced framework for medical decision-making AI systems that defends against adversarial attacks through multi-module validation. The system reduces attack success rates to 8.7% while maintaining 91% knowledge consistency, demonstrating significant improvements over existing baseline approaches.

AINeutralarXiv – CS AI · May 116/10
🧠

Evaluating Prompt Injection Defenses for Educational LLM Tutors: Security-Usability-Latency Trade-offs

Researchers evaluated prompt-injection defenses for educational LLM tutors, revealing inherent trade-offs between security, usability, and speed. A multi-layer safeguard pipeline achieved 46.34% attack bypass with zero false positives and 2.50ms latency, while competing systems like NeMo Guardrails eliminated bypasses but suffered 16.22% false positive rates and 1.3-second delays.

AIBullisharXiv – CS AI · May 96/10
🧠

Information Theoretic Adversarial Training of Large Language Models

Researchers propose WARDEN, an information-theoretic adversarial training framework that improves Large Language Model robustness against prompt attacks by dynamically reweighting adversarial examples using f-divergence principles. The method achieves comparable computational efficiency to existing approaches while substantially reducing attack success rates, advancing the scalability of AI safety mechanisms.

AI × CryptoBearishThe Register – AI · Apr 197/10
🤖

Just like phishing for gullible humans, prompt injecting AIs is here to stay

Prompt injection attacks on AI systems are emerging as a persistent security vulnerability similar to phishing exploits targeting humans. These attacks manipulate AI models into ignoring their intended instructions, creating potential risks for cryptocurrency platforms and applications relying on AI decision-making.

AINeutralarXiv – CS AI · Apr 146/10
🧠

STARS: Skill-Triggered Audit for Request-Conditioned Invocation Safety in Agent Systems

Researchers introduce STARS, a framework for continuously auditing AI agent skill invocations in real-time by combining static capability analysis with request-conditioned risk modeling. The approach demonstrates improved detection of prompt injection attacks compared to static baselines, though remains most valuable as a triage layer rather than a complete replacement for pre-deployment screening.

AINeutralarXiv – CS AI · Apr 136/10
🧠

Leave My Images Alone: Preventing Multi-Modal Large Language Models from Analyzing Images via Visual Prompt Injection

Researchers introduce ImageProtector, a user-side defense mechanism that embeds imperceptible perturbations into images to prevent multi-modal large language models from analyzing them. When adversaries attempt to extract sensitive information from protected images, MLLMs are induced to refuse analysis, though potential countermeasures exist that may partially mitigate the technique's effectiveness.

← PrevPage 4 of 5Next →