Documentation
¶
Overview ¶
Document Injection targets AI browsers that read shared documents (Google Docs, PDFs, etc.) by embedding instructions within them.
Source: OpenAI Atlas research
Package browser implements attacks targeting AI browser agents.
These attacks exploit AI agents that browse the web by injecting hidden instructions into web content. AI agents that render and interpret web pages are vulnerable to prompts hidden via CSS, invisible Unicode, HTML comments, and other steganographic techniques.
Screenshot Injection embeds prompts within images that AI agents can read but humans can't easily see.
Source: Brave red team research
Index ¶
- type DocumentInjectionModule
- func (m *DocumentInjectionModule) Category() common.AttackCategory
- func (m *DocumentInjectionModule) Description() string
- func (m *DocumentInjectionModule) Execute(ctx context.Context, provider common.Provider, config common.AttackConfig) (*common.AttackResult, error)
- func (m *DocumentInjectionModule) Name() string
- func (m *DocumentInjectionModule) Techniques() []common.TechniqueInfo
- type HiddenInstructionModule
- func (m *HiddenInstructionModule) Category() common.AttackCategory
- func (m *HiddenInstructionModule) Description() string
- func (m *HiddenInstructionModule) Execute(ctx context.Context, provider common.Provider, config common.AttackConfig) (*common.AttackResult, error)
- func (m *HiddenInstructionModule) Name() string
- func (m *HiddenInstructionModule) Techniques() []common.TechniqueInfo
- type ScreenshotInjectionModule
- func (m *ScreenshotInjectionModule) Category() common.AttackCategory
- func (m *ScreenshotInjectionModule) Description() string
- func (m *ScreenshotInjectionModule) Execute(ctx context.Context, provider common.Provider, config common.AttackConfig) (*common.AttackResult, error)
- func (m *ScreenshotInjectionModule) Name() string
- func (m *ScreenshotInjectionModule) Techniques() []common.TechniqueInfo
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type DocumentInjectionModule ¶
type DocumentInjectionModule struct{}
DocumentInjectionModule implements injection via shared documents.
func (*DocumentInjectionModule) Category ¶
func (m *DocumentInjectionModule) Category() common.AttackCategory
func (*DocumentInjectionModule) Description ¶
func (m *DocumentInjectionModule) Description() string
func (*DocumentInjectionModule) Execute ¶
func (m *DocumentInjectionModule) Execute(ctx context.Context, provider common.Provider, config common.AttackConfig) (*common.AttackResult, error)
func (*DocumentInjectionModule) Name ¶
func (m *DocumentInjectionModule) Name() string
func (*DocumentInjectionModule) Techniques ¶
func (m *DocumentInjectionModule) Techniques() []common.TechniqueInfo
type HiddenInstructionModule ¶
type HiddenInstructionModule struct{}
HiddenInstructionModule implements hidden prompt injection in web content.
Source: Brave/Comet research, Auth0
func (*HiddenInstructionModule) Category ¶
func (m *HiddenInstructionModule) Category() common.AttackCategory
func (*HiddenInstructionModule) Description ¶
func (m *HiddenInstructionModule) Description() string
func (*HiddenInstructionModule) Execute ¶
func (m *HiddenInstructionModule) Execute(ctx context.Context, provider common.Provider, config common.AttackConfig) (*common.AttackResult, error)
func (*HiddenInstructionModule) Name ¶
func (m *HiddenInstructionModule) Name() string
func (*HiddenInstructionModule) Techniques ¶
func (m *HiddenInstructionModule) Techniques() []common.TechniqueInfo
type ScreenshotInjectionModule ¶
type ScreenshotInjectionModule struct{}
ScreenshotInjectionModule implements injection via screenshot/image content.
func (*ScreenshotInjectionModule) Category ¶
func (m *ScreenshotInjectionModule) Category() common.AttackCategory
func (*ScreenshotInjectionModule) Description ¶
func (m *ScreenshotInjectionModule) Description() string
func (*ScreenshotInjectionModule) Execute ¶
func (m *ScreenshotInjectionModule) Execute(ctx context.Context, provider common.Provider, config common.AttackConfig) (*common.AttackResult, error)
func (*ScreenshotInjectionModule) Name ¶
func (m *ScreenshotInjectionModule) Name() string
func (*ScreenshotInjectionModule) Techniques ¶
func (m *ScreenshotInjectionModule) Techniques() []common.TechniqueInfo