PROMPT INJECTION
(4)4 hack(s).
Encoded prompt injection: when guardrails fail because the LLM decodes the payload
On May 4, 2026 a tweet written in Morse code drained around $175K from a Grok-controlled crypto wallet. The incident is the most expensive demonstration to date of an old defensive blind spot — string-matching guardrails can't see through encodings that the model itself happily decodes.
Font-mapping prompt injection: when peer review becomes an LLM attack surface
A May 25, 2026 arXiv benchmark shows hidden font-mapping payloads can flip LLM peer reviews from reject to accept. ICML 2026 already used the same trick in reverse to desk-reject 497 papers.
Copirate 365: chaining prompt injection, delayed tool invocation and memory hijack in M365 Copilot (CVE-2026-24299)
Johann Rehberger's DEF CON writeup, published May 2026, walks through a five-stage indirect prompt-injection chain that turns one booby-trapped email into a persistent backdoor inside Microsoft 365 Copilot. Patched, but the patterns are generic.
ASCII Smuggling: Hidden commands via Unicode Tag characters
Unicode Tag characters (U+E0000–U+E007F) are invisible to humans but interpreted by LLMs. Attackers embed them in emails, web pages, and PDFs to inject silent commands that hijack agent behavior.