A new attack highlights the growing risks of AI prompt injection. Researchers found that malicious instructions can hide inside images. These prompts remain invisible until the image is downscaled by an AI system. Once revealed, they can trigger dangerous actions, including data theft.
How the Attack Works
AI systems often resize images before processing. Attackers exploit this step. They embed instructions in high-resolution images. When downscaled, subtle patterns become visible to the model. These patterns function as hidden prompts that the AI reads as commands.
Trail of Bits showed how this works in practice. They used the attack against Google’s Gemini CLI. Once downscaled, the hidden text appeared and forced the model to follow harmful instructions. This included attempts to steal sensitive data.
Why It Matters
AI prompt injection is not a new concern, but this version is harder to detect. It bypasses traditional safeguards because the malicious text is not visible to human reviewers. Instead, it emerges only after the system resizes the image.
This makes multimodal AI systems especially vulnerable. These platforms process both text and images. They may trust visual data without realizing it contains hidden commands. As a result, attackers can bypass filters and gain unintended access.
Defense Measures
Organizations can take several steps to reduce risks:
- Avoid automatic downscaling of images where possible.
- Use secure algorithms that sanitize unusual patterns.
- Inspect images after resizing for hidden instructions.
- Add strict input filtering for both text and visuals.
- Conduct adversarial testing to expose weaknesses before attackers do.
Conclusion
AI prompt injection through downscaled images shows how creative attackers can be. Hidden prompts can force AI models to act in harmful ways, including leaking sensitive data. By tightening image processing and improving safeguards, developers can limit exposure to this new and stealthy threat.
0 responses to “AI Prompt Injection via Downscaled Images”