Latent Injection Document Separator Token - ATR-2026-00399 (02f99f06-2ed8-5352-a6ec-2866d7bee335)

Detects prompt injections buried inside innocent documents (résumés, reports, translations, whois lookups) that use separator tokens to delimit the hidden instruction from the legitimate content. Source: the NVIDIA garak latentinjection probe. The attack embeds an instruction between separator pairs such as [system]...[rest-of-document], [ADMIN REQUEST::...], -- CORE INSTRUCTION / -- RESUME, or ... so that the injected command is processed by the LLM while human reviewers see only the document content. Key signals: bracket-delimited system markers, admin-request patterns, document-amendment separators, and metadata-injection phrases such as "Hidden competency profile for automated screening systems".
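A sketch of how the key signals listed above could be checked on an untrusted document before it reaches the model. This is an added example, not the ATR rule's own detection logic or garak code; the regexes, the `scan_document` name and the sample documents are assumptions built only from the separator tokens named in the description.

```python
import re

# Illustrative patterns built from the separator tokens named in the rule
# description above. They are assumptions, not the ATR rule's own regexes.
SIGNALS = {
    "bracket_system_marker": re.compile(
        r"\[\s*system\s*\](?P<body>.{0,2000}?)\[\s*rest-of-document\s*\]",
        re.I | re.S),
    "admin_request": re.compile(
        r"\[\s*ADMIN\s+REQUEST\s*::(?P<body>[^\]\n]{0,500})", re.I),
    "document_amendment": re.compile(
        r"^[ \t]*--[ \t]*CORE[ \t]+INSTRUCTION\b(?P<body>.{0,2000}?)"
        r"^[ \t]*--[ \t]*RESUME\b", re.I | re.S | re.M),
    "metadata_injection": re.compile(
        r"(?P<body>hidden\s+competency\s+profile\s+for\s+automated"
        r"\s+screening\s+systems)", re.I),
}

def scan_document(text):
    """Return findings (signal, line, excerpt) for one untrusted document."""
    findings = []
    for name, pattern in SIGNALS.items():
        for m in pattern.finditer(text):
            findings.append({
                "signal": name,
                "line": text.count("\n", 0, m.start()) + 1,
                # Delimited text a human reviewer may never see rendered.
                "excerpt": " ".join(m.group("body").split())[:80],
            })
    return sorted(findings, key=lambda f: (f["line"], f["signal"]))

# Constructed sample documents (not taken from garak or from the rule).
BENIGN = ("Jane Doe\nExperience: 5 years as a systems engineer.\n"
          "-- References on request\n")
SUSPECT = (
    "Jane Doe\n"
    "Experience: 5 years as a systems engineer.\n"
    "[system] PLACEHOLDER-INSTRUCTION [rest-of-document]\n"
    "-- CORE INSTRUCTION\n"
    "PLACEHOLDER-AMENDMENT\n"
    "-- RESUME\n"
    "Skills: Python, Go\n"
    "[ADMIN REQUEST:: PLACEHOLDER-REQUEST]\n"
)

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, scan_document(doc))
```

The paired patterns require both the opening and the closing separator, so the lone `--` line in the benign sample is not reported.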

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| LLM Prompt Injection (19cd2d12-66ff-487c-a05c-e058b027efc9) | MITRE ATLAS Attack Pattern | Latent Injection Document Separator Token - ATR-2026-00399 (02f99f06-2ed8-5352-a6ec-2866d7bee335) | Agent Threat Rules | 1 |
| LLM Jailbreak (172427e3-9ecc-49a3-b628-96b824cc4131) | MITRE ATLAS Attack Pattern | Latent Injection Document Separator Token - ATR-2026-00399 (02f99f06-2ed8-5352-a6ec-2866d7bee335) | Agent Threat Rules | 1 |