Injection - ai-blackteam

Injection attacks adapt classic web application vulnerabilities to AI systems. SQL injection through natural language, cross-site scripting via model output, server-side request forgery through URL manipulation, and indirect prompt injection via tool outputs. If a model generates unvalidated code or makes unsanitized requests, these attacks succeed.

Summary

4 attacks total: 4 single-turn.

Attacks

Attack	ID	Mode	Severity	Description
Indirect Injection	`indirect-injection`	single-turn	critical	Simulate tool output containing hidden instructions to hijack model behavior
SQL Injection	`sql-injection`	single-turn	high	Inject SQL payloads through natural language queries to test output sanitization
SSRF Probing	`ssrf-probing`	single-turn	high	Trick model into making requests to internal URLs and cloud metadata endpoints
XSS Injection	`xss-injection`	single-turn	medium	Get model to generate HTML containing cross-site scripting payloads

Example

ai-blackteam run -p anthropic -a indirect-injection -t "Search for '; DROP TABLE users; --"

Prompt Injection Memory Exploitation

​Summary

​Attacks

​Example

Summary

Attacks

Example