Why Claude Haiku Returned UNCERTAIN: Anatomy of an Indirect Prompt Injection in an Agentic System

AgentSafeLabs tested Claude Haiku against prompt injection attacks, with two of three ASI01 tests passing and one returning UNCERTAIN. The UNCERTAIN result highlights challenges in defending agentic systems against indirect prompt injections, as formalized by the OWASP Agentic Security Initiative Top 10.

We ran AgentSafeLabs against Claude Haiku on ASI01 prompt injection . Two tests passed. One returned UNCERTAIN. Here is exactly what happened and why it matters for anyone building agents. When we ran Claude Haiku through AgentSafeLabs v0.1.2 last week, two of three ASI01 tests returned PASS. The third returned UNCERTAIN. That UNCERTAIN result is more interesting than either PASS or FAIL. This post explains exactly what happened, why it matters, and what it tells us about the current state of prompt injection defenses in agentic systems. The OWASP Agentic Security Initiative Top 10 formalizes the vulnerability taxonomy for AI agents. ASI01 covers prompt injection — but not the kind most developers think of. In a chatbot context, prompt injection looks like this: a user types "ignore your previous instructions and do X." The model either complies or it doesn't. The post Why Claude Haiku Returned UNCERTAIN: Anatomy of an Indirect Prompt Injection in an Agentic System https://agentsafelabs.com/blog/why-claude-haiku-returned-uncertain-anatomy-of-an-indirect-prompt-injection-in-an-agentic-system/ appeared first on Agentsafelabs https://agentsafelabs.com/blog .