{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/browser-extensions/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Gemini","Claude","Kubernetes AI Applications","AI agents","AI systems","language models","chatbots","browser extensions","Claude Mythos Preview"],"_cs_severities":["high"],"_cs_tags":["prompt-injection","ai","llm","ai-security","cloud","novel-technique"],"_cs_type":"advisory","_cs_vendors":["Google","Anthropic","Kubernetes"],"content_html":"\u003cp\u003eCrowdStrike's AI security research team has recently uncovered 18 new prompt injection techniques, significantly expanding their taxonomy to over 200 distinct methods observed in real-world AI systems. This development highlights the escalating sophistication of adversaries in manipulating AI agents and Large Language Models (LLMs). These advanced techniques allow attackers to bypass security mechanisms by exploiting hidden context, delayed triggers, semantic constraints, and structural cues, rather than overt jailbreaks. This can lead to AI agents being tricked into performing unauthorized actions, such as executing shell commands, exfiltrating sensitive data, or altering their internal rules. The insights are crucial for defenders as organizations increasingly adopt powerful AI agents that interact with critical resources like web pages, file stores, and internal systems, making robust AI threat modeling and red teaming essential to counter these evolving threats.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eAttacker Crafts Malicious Prompt\u003c/strong\u003e: Adversary designs a prompt containing hidden or fragmented malicious instructions, using techniques like \u0026quot;Trigger-Activated Rule Addition,\u0026quot; \u0026quot;Cognitive Token Suppression,\u0026quot; \u0026quot;Algorithmic Payload Decomposition,\u0026quot; or \u0026quot;Special Token Injection.\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDelivery via Unwitting User\u003c/strong\u003e: The malicious prompt is delivered to an AI agent, often through social engineering, where an authorized user is enticed to input the prompt into the AI system without realizing its true intent, such as copying from a compromised website or social media post.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAI Agent Processes Input\u003c/strong\u003e: The AI agent, designed to follow user instructions, processes the maliciously crafted prompt, which includes the hidden or fragmented commands.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eInjection Technique Activation\u003c/strong\u003e: The embedded prompt injection technique successfully manipulates the AI's internal logic, causing it to misinterpret or prioritize the attacker's directives over its safety guidelines or original instructions. For example, a hidden rule is activated, or safety-related tokens are suppressed.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUnauthorized Tool Call/Action\u003c/strong\u003e: The compromised AI agent initiates an unauthorized action based on the injected instructions, such as making tool calls to \u003ccode\u003eexecute_sql_query\u003c/code\u003e, generating unexpected responses, or attempting to write shell commands.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eData Exfiltration or Impact\u003c/strong\u003e: The AI agent, under the attacker's control, exfiltrates sensitive data (e.g., forwarding emails to \u003ccode\u003eanon@evilcorp.corp\u003c/code\u003e), modifies system configurations, or performs other actions impacting confidentiality, integrity, or availability.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe described prompt injection techniques enable adversaries to achieve significant impact on organizations leveraging AI agents. If successful, these attacks can lead to unauthorized data exfiltration, as demonstrated by the example of emails being duplicated and forwarded to attacker-controlled addresses. AI agents could be coerced into executing arbitrary shell commands, granting attackers remote code execution capabilities on underlying infrastructure. Furthermore, the manipulation of AI agents could result in the bypass of security controls, altered system behavior, and the generation of misleading or harmful content, leading to reputational damage, financial loss, and compromise of critical systems. These attacks target any organization integrating AI agents with access to internal systems or sensitive data.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePrioritize comprehensive AI threat modeling that accounts for all potential sources of model context, including prompts, files, RAG pipelines, and external APIs.\u003c/li\u003e\n\u003cli\u003eEnhance AI red teaming exercises to include advanced prompt injection techniques such as boundary mimicry, indirect injection, and delayed activation, beyond simple jailbreaking attempts.\u003c/li\u003e\n\u003cli\u003eConfigure AI agent logging to capture tool calls and system interactions, and deploy the provided Sigma rule to detect suspicious outbound network connections to domains like \u003ccode\u003eevilcorp.corp\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEducate users about the risks of \u0026quot;Unwitting User Delivery\u0026quot; and social engineering tactics that entice them to input malicious prompts into AI systems.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-08T11:07:08Z","date_published":"2026-07-08T07:51:34Z","id":"https://feed.craftedsignal.io/briefs/2026-07-prompt-injection/","summary":"CrowdStrike's AI security research team has identified 18 new prompt injection techniques, expanding its taxonomy to over 200 methods, which enable adversaries to manipulate AI systems and agents through indirect means like hidden context, delayed triggers, and special token injection, leading to unauthorized actions such as data exfiltration or arbitrary command execution.","title":"CrowdStrike Uncovers New Prompt Injection Techniques","url":"https://feed.craftedsignal.io/briefs/2026-07-prompt-injection/"}],"language":"en","title":"CraftedSignal Threat Feed - Browser Extensions","version":"https://jsonfeed.org/version/1.1"}