Research
Evaluating Prompting-Based Defenses Against Domain-Camouflaged Injection Attacks
Evaluates five prompting-based defenses against domain-camouflaged injection across three model families over 3,510 trials, finding that paraphrasing retrieved content before agent processing is the most consistent defense (55-84% attack-success reduction). Effectiveness varies sharply by model, and financial-domain deployments stay risky (26-33% baseline attack success) even with defenses. Actionable guidance for RAG and agent builders choosing a cheap defense.
Source
↳ Follow the thread