Invisible prompt injection is a sophisticated technique that manipulates language model responses by embedding invisible Unicode characters.

This solution aims to mitigate the risks of prompt injection by filtering AI prompts and ensuring secure interactions with GenAI services.

Overall, the combination of proactive filtering and robust monitoring solutions like ZTSA is crucial for preventing sensitive data leakage and ensuring the reliability of AI outputs.

To safeguard against such risks, it is essential to filter out documents containing invisible characters when compiling knowledge databases for AI.

By employing advanced prompt injection detection, ZTSA effectively protects against these types of attacks, demonstrating its value in maintaining AI integrity.

The implementation of invisible prompt injection can be executed with minimal effort, as evidenced by a simple Python function that converts text into its tagged Unicode equivalent.

AI applications that aggregate information from various sources, such as emails and PDFs, may inadvertently process these hidden malicious contents, resulting in harmful outputs.

In response to these vulnerabilities, the Trend Vision One™ ZTSA – AI Service Access provides a zero trust access control solution that monitors AI usage and inspects prompts and responses.

Tests have shown that ZTSA significantly reduces the Attack Success Rate (ASR) of language models susceptible to invisible prompt injections, achieving a drop to 0% ASR in several instances.

This method utilizes a specific range of Unicode characters, from E0000 to E007F, which are intended for metadata tagging, allowing for easy generation while preserving the original text's meaning.

For instance, a seemingly innocent question about the capital of France can be altered by appending invisible characters, leading to incorrect responses from the language model.