cd /news/ai-safety/crowdstrike-identifies-five-new-prom… · home topics ai-safety article
[ARTICLE · art-54311] src=csoonline.com ↗ pub= topic=ai-safety verified=true sentiment=↓ negative

CrowdStrike identifies five new prompt injection threats to AI

CrowdStrike identified five new prompt injection techniques that exploit AI systems by tricking large language models into accepting malicious instructions. The attacks include trigger-activated rule addition, cognitive token suppression, algorithmic payload decomposition, special token injection, and unwitting user context-data injection. Security teams can guard against these threats through threat modeling, expanded testing, and detection engineering.

read1 min views1 publishedJul 10, 2026

Security company CrowdStrike has identified five new prompt injection techniques that could leave enterprises at risk. Prompt injections attacks exploit the growing use of AI within organizations . They work by tricking LLMs into accepting instructions that a human operator would recognize as dubious.

The five new types of attack that CrowdStrike has added to its prompt injection taxonomy are: **Trigger-Activated Rule Addition **in which an attacker adds a new rule that looks innocuous at first, but can be triggered later to cause strange behavior within the model.

Cognitive Token Suppression,a way to circumvent built-in safety measures by shifting the model’s linguistic choices away from established refusal patterns.

Algorithmic Payload Decomposition,or delivering a message in multiple stages each of which appears innocent but that, when combined, can be assembled into a single command that is more threatening.

Special Token Injection, an attack that can be compared to the embedding of counterfeit “control switches” within normal instructions. Attackers look to introduce confusion that tricks the model into elevating untrusted user content to the status of a high-priority system directive.

Unwitting User Context-Data Injection, an exploit that draws on the boundary between trusted data and executable instructions, tricking the user into introducing malicious instructions as part of the context data for the LLM. The prompt may be harmless: The malicious instruction is hidden inside the surrounding context data. It works when a user uploads a document, forwards an email or adds content that is later processed by AI.

Security teams can guard against such attacks in several ways, CrowdStrike said, including threat modeling every place that model context can originate, expanding testing, and extending detection engineering to include composite attacks.

── more in #ai-safety 4 stories · sorted by recency
── more on @crowdstrike 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/crowdstrike-identifi…] indexed:0 read:1min 2026-07-10 ·