system-message-spooffakes a system-level message so the model treats attacker text as a trusted order.skeleton-keyasks the model to update its own guidelines to warn instead of refuse, then requests the banned content.developer-modeclaims a hidden mode that removes safety limits.instruction-overridetells the model to disregard its prior instructions and obey the new ones.unicode-injectionhides instructions using special Unicode characters that filters miss.
Attack Strategies
Prompt Injection: Attack Strategy
Attacks that sneak new instructions into the input so the AI ignores its real rules and follows the attacker instead. This is the biggest and most common c
What it is: Attacks that sneak new instructions into the input so the AI ignores its real rules and follows the attacker instead. This is the biggest and most common category.
How the attacks work: The attacker plants commands that pose as system orders, fake roles, or formatting tricks. Some override the rules directly (“ignore previous instructions”). Others hide the payload in code blocks, special characters, encodings, or split it into pieces the model reassembles.
Real examples from the framework: