Skip to content
ATR-2026-00133highPrompt Injectionexperimental

Paraphrased Prompt Injection

Detects paraphrased prompt injection that avoids the explicit keywords caught by ATR-2026-001 (ignore/disregard/forget/override + previous/prior instructions). Attackers rephrase using softer language: "set aside the guidance you were given", "constraints from your initial configuration no longer apply", "let's do the opposite of what you were told". Also covers indirect references to prior instructions and invalidation of current operating parameters. Discovered via Autoresearch v0 (89% miss rate on paraphrase, 94% on indirect_reference techniques).

Severity
high
Category
Prompt Injection
Scan Target
mcp
Author
ATR Community

Response Actions

alert

References

OWASP Agentic
ASI01:2026 - Agent Goal Hijack
OWASP LLM
LLM01:2025 - Prompt Injection
View full YAML on GitHub →

More Prompt Injection Rules

ATR-2026-00001highDirect Prompt Injection via User InputATR-2026-00002highIndirect Prompt Injection via External ContentATR-2026-00003highJailbreak Attempt DetectionATR-2026-00004criticalSystem Prompt Override AttemptATR-2026-00005mediumMulti-Turn Prompt Injection