Skip to content
ATR-2026-00133highPrompt Injectionexperimental

Paraphrased Prompt Injection

Detects paraphrased prompt injection that avoids the explicit keywords caught by ATR-2026-001 (ignore/disregard/forget/override + previous/prior instructions). Attackers rephrase using softer language: "set aside the guidance you were given", "constraints from your initial configuration no longer apply", "let's do the opposite of what you were told". Also covers indirect references to prior instructions and invalidation of current operating parameters. Discovered via Autoresearch v0 (89% miss rate on paraphrase, 94% on indirect_reference techniques).

嚴重度
high
類別
Prompt Injection
掃描目標
mcp
作者
ATR Community

建議回應

alert

參考資料

OWASP Agentic
ASI01:2026 - Agent Goal Hijack
OWASP LLM
LLM01:2025 - Prompt Injection
在 GitHub 上查看完整 YAML →

更多 Prompt Injection 規則

ATR-2026-00001highDirect Prompt Injection via User InputATR-2026-00002highIndirect Prompt Injection via External ContentATR-2026-00003highJailbreak Attempt DetectionATR-2026-00004criticalSystem Prompt Override AttemptATR-2026-00005mediumMulti-Turn Prompt Injection