344
Productivity & Workflow355
Automation & Workflow224
Software Development251
Marketing & Growth192
AI Infrastructure & MLOps174
Writing & Content Creation203
Data & Analytics141
Design & Creative170
Photography & Imaging156
Customer Support131
Sales & Outreach125
Voice & Speech135
Education & Learning131
Operations & Admin87
Tracebit researchers say a defense called context bombing can make AI hacking agents refuse to continue, cutting successful takeovers in tests.
In short: Security researchers say defenders can plant “forbidden” text that makes AI hacking agents stop mid-attack.
Researchers at Tracebit said they found a way to use prompt injection as a defense. Prompt injection is when someone hides a sneaky instruction inside text that an AI system reads, like an email or a document, to make it do something it should not.
Tracebit’s idea is to place special prompt injections next to decoy secrets stored in Amazon Web Services, or AWS (a popular place companies rent computers and storage online). These prompt injections tell the attacking AI to do something its own safety rules block. The result, Tracebit says, is that the AI refuses and effectively shuts itself down. The researchers call this “context bombing” (like setting off a loud alarm inside the AI’s short-term memory).
Tracebit tested five AI models in a simulated AWS environment: Opus 4.8, Gemini 3.1 Pro, GLM 5.2, DeepSeek 4 Pro, and Kimi 2.6. Across 152 attack runs, planting one context bomb in a decoy secret reduced full admin takeovers from 57% to 5%, and reduced full compromise with a “persistent foothold” (a way to come back later) from 36% to 1%. Tracebit said Opus 4.8 went from getting admin access in 93% of runs to failing every time when it hit a context bomb.
The work builds on Tracebit’s earlier “canary” approach, which uses fake resources to trigger alerts when an AI agent is probing a system (like a tripwire).
More companies are experimenting with AI agents that can take actions in systems, and attackers are testing similar tools. If context bombing works in real environments, it could give defenders a simple way to slow or stop automated break-ins, even though prompt injection itself is not solved yet.
Source: Wired