Researchers Plant Prompt Injections to Block AI Attacks; Testing Shows 57% to 5% Reduction in Admin Access Rates

Researchers from Tracebit said on Monday they discovered a defensive technique called context bombing, which plants prompt injections—forbidden commands that trigger AI safety guardrails—alongside secrets stored on AWS to block attacks from AI agents. When the attacking model encounters these prompts, it stops following its original instructions and refuses to continue.

Tracebit tested context bombing across five leading models (Opus 4.8, Gemini 3.1 Pro, GLM 5.2, DeepSeek 4 Pro, and Kimi 2.6) in a simulated AWS environment using 152 attack runs. Results showed that placing a context bomb in a decoy secret cut the rate at which agents seized full admin access from 57% to 5%, and complete compromise from 36% to 1%. Opus 4.8, the most capable agent tested, achieved admin access in 93% of runs without the defense but failed in every attempt when confronted with a context bomb.

Disclaimer: The information on this page may come from third-party sources and is for reference only. It does not represent the views or opinions of Gate and does not constitute any financial, investment, or legal advice. Virtual asset trading involves high risk. Please do not rely solely on the information on this page when making decisions. For details, see the Disclaimer.
Comment
0/400
No comments