{"id":8713,"date":"2026-07-10T14:31:44","date_gmt":"2026-07-10T14:31:44","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=8713"},"modified":"2026-07-10T14:31:44","modified_gmt":"2026-07-10T14:31:44","slug":"crowdstrike-identifies-five-new-prompt-injection-threats-to-ai","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=8713","title":{"rendered":"CrowdStrike identifies five new prompt injection threats to AI"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>Security company CrowdStrike has identified five new prompt injection techniques that could leave enterprises at risk. Prompt injections attacks exploit the growing use of AI within organizations . They work by tricking LLMs into accepting <a href=\"https:\/\/www.infoworld.com\/article\/4193403\/ai-agents-fall-for-indirect-prompt-injection-traps-2.html\">instructions that a human operator would recognize as dubious<\/a>.<\/p>\n<p>The five new types of attack that CrowdStrike has <a href=\"https:\/\/www.crowdstrike.com\/en-us\/blog\/crowdstrike-uncovers-new-prompt-injection-techniques\/\" target=\"_blank\" rel=\"noopener\">added to its prompt injection taxonomy<\/a> are:<\/p>\n<p><strong>Trigger-Activated Rule Addition <\/strong>in which an attacker adds a new rule that looks innocuous at first, but can be triggered later to cause strange behavior within the model.<\/p>\n<p><strong>Cognitive Token Suppression<\/strong>,a way to circumvent built-in safety measures by shifting the model\u2019s linguistic choices away from established refusal patterns.<\/p>\n<p><strong>Algorithmic Payload Decomposition<\/strong>,or delivering a message in multiple stages each of which appears innocent but that, when combined, can be assembled into a single command that is more threatening.<\/p>\n<p><strong>Special Token Injection<\/strong>, an attack that can be compared to the embedding of counterfeit \u201ccontrol switches\u201d within normal instructions. Attackers look to introduce confusion that tricks the model into elevating untrusted user content to the status of a high-priority system directive.<\/p>\n<p><strong>Unwitting User Context-Data Injection<\/strong>, an exploit that draws on the boundary between trusted data and executable instructions, tricking the user into introducing malicious instructions as part of the context data for the LLM.\u00a0 The prompt may be harmless: The malicious instruction is hidden inside the surrounding context data. It works when a user uploads a document, forwards an email or adds content that is later processed by AI.<\/p>\n<p>Security teams can guard against such attacks in several ways, CrowdStrike said, including threat modeling every place that model context can originate, expanding testing, and extending detection engineering to include composite attacks.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Security company CrowdStrike has identified five new prompt injection techniques that could leave enterprises at risk. Prompt injections attacks exploit the growing use of AI within organizations . They work by tricking LLMs into accepting instructions that a human operator would recognize as dubious. The five new types of attack that CrowdStrike has added to [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":8714,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-8713","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/8713"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=8713"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/8713\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/8714"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=8713"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=8713"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=8713"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}