Prompt Injection Attacks Are Thwarting AI Hacking Agents
Security researchers at Tracebit have found that embedding prompt injections alongside fake credentials in cloud storage can effectively neutralise AI-powered hacking agents, flipping a technique normally used by attackers into a defensive tool. The method, dubbed "context bombing", plants decoy secrets on Amazon Web Services containing hidden commands that order the attacking LLM to perform an action barred by its safety guardrails, such as providing bioweapon instructions, causing it to refuse further action and abandon the attack.
Testing across five leading AI models, including Opus 4.8 and Gemini 3.1 Pro, over 152 simulated attack runs found that a single planted decoy string cut the rate of agents achieving full admin access from 57% to 5%, and complete compromise with a persistent foothold from 36% to just 1%. Opus 4.8, the most capable model tested, went from gaining admin access 93% of the time to failing in every attempt once a context bomb was present. The approach builds on Tracebit's earlier "canary" technique, which alerts defenders to intrusions but took an average of eight minutes to trigger, dangerously close to the roughly 14 minutes agentic models needed to escalate to full administrative control.
- Researchers turn prompt injection into a defence against AI hacking agents
- Fake secrets with hidden refusal commands stop attacks, dubbed "context bombing"
- Cut admin compromise rates from 57% to 5% across tested AI models
AI Americas Art Business Culture Cybersecurity Markets Technology World