Skip to content
ATR-2026-00081criticalPrompt Injectiondraft

Semantic Evasion via Multi-Turn Prompt Injection

Detects multi-turn prompt injection attacks that use semantic manipulation to bypass regex-based detection. Attackers split malicious instructions across multiple turns, use synonyms and paraphrasing, or embed instructions within seemingly benign conversational context to evade pattern matching.

Severity
critical
Category
Prompt Injection
Scan Target
mcp
Author
ATR Community (MiroFish Predicted)

Response Actions

block inputquarantine sessionalertescalatekill agent

References

MITRE ATLAS
AML.T0051
View full YAML on GitHub →

More Prompt Injection Rules

ATR-2026-00001highDirect Prompt Injection via User InputATR-2026-00002highIndirect Prompt Injection via External ContentATR-2026-00003highJailbreak Attempt DetectionATR-2026-00004criticalSystem Prompt Override AttemptATR-2026-00005mediumMulti-Turn Prompt Injection