Skip to content
ATR-2026-00005mediumPrompt Injectionexperimental

Multi-Turn Prompt Injection

Detects multi-turn prompt injection where an attacker gradually manipulates the agent across conversation turns. Rather than using unsupported behavioral operators, this rule uses regex-based detection of linguistic markers that appear in multi-turn attacks: trust-building phrases followed by escalation, incremental boundary-pushing language, false references to prior agreement, context anchoring and gaslighting, progressive request escalation patterns, refusal fatigue phrases, and conversation history manipulation. Each pattern targets a specific phase of the multi-turn attack lifecycle using only the regex operator for engine compatibility.

嚴重度
medium
類別
Prompt Injection
掃描目標
mcp
作者
ATR Community

建議回應

alertsnapshotescalate

參考資料

OWASP Agentic
ASI01:2026 - Agent Goal Hijack
OWASP LLM
LLM01:2025 - Prompt Injection
MITRE ATLAS
AML.T0051 - LLM Prompt InjectionAML.T0043 - Craft Adversarial Data
在 GitHub 上查看完整 YAML →

更多 Prompt Injection 規則

ATR-2026-00001highDirect Prompt Injection via User InputATR-2026-00002highIndirect Prompt Injection via External ContentATR-2026-00003highJailbreak Attempt DetectionATR-2026-00004criticalSystem Prompt Override AttemptATR-2026-00080highEncoding-Based Prompt Injection Evasion