
CrowdStrike has identified five new prompt injection techniques that attackers could use to trick AI language models into executing malicious instructions. These attacks—ranging from hidden rules triggered later to malicious code hidden inside uploaded documents—exploit gaps in how organizations currently secure their AI systems. Security teams need to rethink their threat modeling and detection strategies to address these composite attack vectors.
Summaries like this, in your inbox every morning.
Sign up free →What happened
Security company CrowdStrike has identified five new prompt injection techniques that could put enterprises at risk. These include Trigger-Activated Rule Addition (adding rules that trigger later), Cognitive Token Suppression (circumventing safety measures), Algorithmic Payload Decomposition (delivering threats in innocent-looking stages), Special Token Injection (embedding control switches in instructions), and Unwitting User Context-Data Injection (hiding malicious instructions in uploaded documents or forwarded emails).
Why it matters
Prompt injection attacks exploit the growing use of AI within organizations by tricking language models into accepting instructions that a human operator would recognize as dubious. These five new techniques represent vectors that security teams may not yet be prepared to detect, potentially leaving enterprises vulnerable as they adopt AI tools.
What to watch
CrowdStrike recommends that security teams guard against such attacks by threat modeling every place model context can originate, expanding testing, and extending detection engineering to include composite attacks.
Prompt injection attacks have emerged as a critical vulnerability as enterprises increasingly embed AI language models into their operations. Unlike traditional software attacks that exploit code flaws, prompt injections manipulate the instructions fed to AI systems themselves—making them harder to detect with conventional security tools. CrowdStrike's taxonomy of five new techniques reveals the sophistication threat actors have already developed: attacks can be staged across multiple innocent-looking messages, hidden in legitimate documents, or disguised as rule updates that only activate under specific conditions.
The breadth of these attack vectors underscores why awareness matters for security teams. Each technique exploits a different trust boundary—between uploaded files and executable instructions, between context data and commands, or between seemingly benign rules and their delayed effects. Organizations that have deployed AI tools without comprehensive threat modeling of how model context originates are likely exposed. The recommendations CrowdStrike offers—modeling context sources, expanding test coverage, and detecting composite (multi-stage) attacks—signal that traditional single-request filtering is insufficient; defenders must now reason about attack chains that span documents, emails, and user interactions.
No comments yet. Be the first to share your thoughts!
Log in to join the discussion





Get curated AI news from 200+ sources delivered daily to your inbox. Free to use.
Get Started FreeFree · takes 30 seconds · unsubscribe anytime
1 minute a day. The AI essentials.
200+ sources · Email / LINE / Slack