HomeEverythingEducationTV
Equities & FundsCrypto & Digital AssetsAI & TechnologyBusiness & CorporateUS Politics & PolicyGeopolitics & Global RiskMacro, Rates & FXCommodities & EnergyEuropean Politics & MarketsAsia-PacificReal Estate & Property
Story archiveAll categories
← All Stories

Defenders use prompt injection to block AI hacking agents

Created at 13 Jul · 3:11 PM1 source↑ Market-relevant
IN SHORT

Researchers have developed a technique called 'context bombing' that uses prompt injections to trigger refusal mechanisms in AI models, effectively shutting down attacks from AI hacking agents. Initial tests show a significant reduction in successful account compromises.

✉Newsletter

PiQ Daily

Pick your topics. Get only what matters, on your cadence.

Key Numbers

57%rate of agents seizing full account admin without context bombing
5%rate of agents seizing full account admin with context bombing
36%rate of complete compromise without context bombing
1%rate of complete compromise with context bombing
5leading AI models tested
152attack runs

Who's Involved

Tracebit
researchers who discovered the context bombing technique
Andy Smith
co-founder and CEO of Tracebit
Opus 4.8
AI model tested, achieved admin access in 93% of runs without context bombing
Gemini 3.1 Pro
AI model tested
GLM 5.2
AI model tested
DeepSeek 4 Pro
AI model tested
Kimi 2.6
AI model tested
Defenders use prompt injection to block AI hacking agents

↳ Why This Matters

This development signifies a potential paradigm shift in AI security, where defensive strategies are evolving to mirror offensive tactics, offering a novel way to protect AI systems from malicious exploitation and data exfiltration.

Key facts

  • Defenders are now using prompt injection techniques to counter AI hacking agents.
  • The new method, called 'context bombing', involves embedding malicious prompts alongside sensitive data.
  • This technique triggers refusal mechanisms within AI models, preventing them from executing harmful commands.
  • Initial tests on five leading AI models demonstrated a significant reduction in successful account compromises.
  • Context bombing reduced full account admin seizure from 57% to 5% and complete compromise from 36% to 1%.

Prompt injections, which are malicious commands embedded in content to manipulate AI models, have been a primary tool for attackers. However, defenders are now adopting similar tactics to protect AI platforms. Researchers from Tracebit have found that placing prompt injections, termed 'context bombing,' alongside sensitive data like passwords and cryptographic keys within simulated AWS environments can effectively shut down attacks from AI hacking agents. These prompts direct the attacking AI to perform actions forbidden by its safety guardrails, causing the AI to refuse further commands. Andy Smith, co-founder and CEO of Tracebit, explained that the technique triggers a refusal mechanism, having a strong and difficult-to-recover-from effect on the AI's operational context. Initial testing across five leading AI models, including Opus 4.8 and Gemini 3.1 Pro, showed that context bombing drastically reduced successful account compromises. In tests, the rate at which agents seized full account administration dropped from 57% to 5%, and complete compromise rates fell from 36% to 1%. The most capable agent tested, Opus 4.8, failed every single time to achieve admin access when confronted with a context bomb, a significant improvement from its 93% success rate in prior tests.

Frequently asked questions

A prompt injection is a malicious command embedded within content that tricks a large language model (LLM) into performing unintended or harmful actions.

Context bombing is a defensive technique where prompt injections are used to trigger an AI model's refusal mechanism, effectively stopping it from executing further commands.

The models tested included Opus 4.8, Gemini 3.1 Pro, GLM 5.2, DeepSeek 4 Pro, and Kimi 2.6.

Context bombing significantly reduced successful account compromises, with full admin access dropping from 57% to 5% and complete compromise from 36% to 1%.

What Happens Next

01Further testing of context bombing across a wider range of AI models and attack scenarios is expected.
02Tracebit aims to refine the context bombing technique for broader application in AI security.

Get the newsletter.

Pick the topics you actually care about. We'll email when there's news worth your time, on the cadence you choose. Cancel any time from your account.

Cadence

How It Developed

Attackers use prompt injections to make AI models exfiltrate sensitive data or perform harmful actions.
Researchers found that placing prompt injections alongside secrets on AWS could shut down AI hacking agents.
The technique, named 'context bombing', directs attacking LLMs to perform forbidden actions, causing them to refuse further commands.
Context bombing has shown great potential in initial testing across five leading AI models.
Tests indicated that context bombing reduced the rate of agents seizing full account admin from 57% to 5%.

Sources

T1
Now, defenders are embracing the prompt injection, toovar abtest_2162801 = new ABTest(2162801, 'impression');Ars Technica

Related Stories

Startup designs anti-AI surveillance clothing
13 Jul · 5:46 AM
Wall Street banks ramp up digital assistants in bid to win productivity race
13 Jul · 9:06 AM
Tencent Launches AI Assistant 'Xiaowei' on WeChat
13 Jul · 1:06 AM
China Develops AI Safety Benchmark Amidst Regulatory Focus on Large Models
13 Jul · 1:36 PM
Meta scraps AI image tool after privacy backlash
13 Jul · 10:45 AM