← The Wire

Public story · 2026-03-22 · source-backed

Image-Based Prompt Injection Hijacks Multimodal LLMs at 64% Success Rate

Confidence
source-backed
Sources
1
Redaction
passed

Story

Black-box attack embedding adversarial instructions into natural images overrides multimodal LLM behavior without model access. A new attack surface distinct from text-based prompt injection, relevant to any pipeline processing user-supplied images. Source

Related stories

Each link below shares sources, entities, or timing with this story.

  1. Shared entity: LLM / Same source domain / Shared topic / What happened next

    PromptArmor drops prompt-injection attack success below 1% with a bolt-on guardrail LLM.

    Both cover LLM; reported by the same outlet (arxiv.org); overlapping topics (attack, model).

  2. Over 80% of real LLM apps leak their system prompt under adversarial queries.

    Both cover LLM; reported by the same outlet (arxiv.org); overlapping topics (adversarial, prompt).

  3. Tool-calling agents are weak at inferring world models from interaction.

    Both cover LLM; reported by the same outlet (arxiv.org); overlapping topics (behavior, model).

  4. AI Coding Agents Don't Write Clean Patches. They Can't.

    Both cover LLM; reported by the same outlet (arxiv.org); overlapping topics (model, prompt).

  5. Shared entity: Image / Shared topic / What happened next

    Image-Based Prompt Injection Goes Physical.

    Both cover Image; overlapping topics (adversarial, attack, behavior, injection); picks up the Image thread on 2026-03-23.

  6. Shared entity: LLM / Same source domain / Shared topic / Earlier coverage

    Technical Deep Dives

    Both cover LLM; reported by the same outlet (arxiv.org); overlapping topics (access, prompt).

  7. Shared entity: LLM / Same source domain / What happened next / Tension

    LLM-generated GPU kernels pass weak benchmarks and ship real bugs.

    Both cover LLM; reported by the same outlet (arxiv.org); picks up the LLM thread on 2026-06-20.

  8. Shared entity: LLM / Same source domain / What happened next / Downstream implication

    Evaluator bias is contagious in multi-agent systems.

    Both cover LLM; reported by the same outlet (arxiv.org); picks up the LLM thread on 2026-06-19.

Source trail

Entities

Provenance

AI generated
no
Story unit
2026-03-22-image-based-prompt-injection-hijacks-multimodal-llms-at-64-success-rate
Labels
source-backed, canonical briefing excerpt