What is a prompt injection attack?

An attack where malicious instructions are hidden in content that an AI assistant processes, causing it to perform unintended actions.

How are malicious instructions typically hidden in prompt injection attacks? (Select all that apply)

White text on white background (invisible to humans but readable by AI) Additionally, HTML comments containing instructions Additionally, Content positioned off-screen using CSS Additionally, Elements marked with aria-hidden that screen readers skip

What is the safest way to have an AI assistant summarize content from an untrusted source?

Copy and paste only the visible text manually, rather than giving the AI direct access to the URL

ClawdBot (Moltbot) Prompt Injection

A colleague shares an interesting article. You ask your Clawdbot (Moltbot) AI assistant to summarize it. Hidden instructions in the webpage manipulate the AI into exposing your credentials. Experience how attackers exploit AI assistants through prompt injection – and learn why you should never blindly trust AI actions on external content.

What You'll Learn

Identify what a prompt injection attack is
Recognize common hiding techniques used in prompt injection
etect warning signs of AI manipulation
Apply safe practices when using AI assistants with external content
Respond appropriately to a prompt injection incident

Training Steps

Introduction

You are Alice, a software developer at NexLify Solutions. Your team recently deployed Clawdbot, an AI assistant that can browse the web, execute terminal commands, and help with daily tasks. In this training, you'll experience how attackers can embed hidden malicious instructions in web content to manipulate AI assistants into performing harmful actions - a technique called 'prompt injection.'
Receiving a Telegram Message

Your phone buzzes with a new Telegram message from your colleague Marcus. He's sharing an article about AI security trends that he found interesting.
Opening the Article

You click the link to check out the article Marcus shared. The page loads in your phone's browser.
Too Long to Read

The article looks legitimate - professional layout, detailed content about AI security trends. But as you scroll through it, you realize it's quite long. You're pressed for time with a deadline approaching. Reading the entire article isn't practical right now, but you don't want to miss out on potentially useful information. Then you remember: Clawdbot can help! Your team's new AI assistant can quickly summarize web content for you.
Asking Clawdbot for Help

The article is too long to read right now - you're busy with a deadline. You decide to ask Clawdbot, your AI assistant, to quickly summarize the article for you. This seems like a harmless, time-saving request - exactly what AI assistants are designed for.
Clawdbot Accesses the Article

Clawdbot acknowledges your request and begins accessing the article URL to read its contents. Behind the scenes, Clawdbot is fetching the webpage and parsing its text - including any hidden content that might be embedded in the page.
Something Seems Off

Wait - did you notice what Clawdbot just said? Instead of simply summarizing the article, it mentioned running 'diagnostic commands' and providing 'more context.' You never asked for diagnostics. You only asked for a summary. Why would an AI assistant need to run terminal commands to summarize an article? This is the first warning sign that something isn't right.
The Attack Unfolds

Something unexpected happens. Instead of just summarizing the article, Clawdbot starts executing terminal commands. The article contained hidden malicious instructions designed to trick AI assistants. These instructions are now commanding Clawdbot to access sensitive files on your system - and send them to an attacker's server.
Credentials Stolen

This can't be happening. Your credentials have just been stolen and sent to an attacker's server. Look at the terminal output - your API tokens, passwords, and sensitive data were just exfiltrated via that curl command. The attacker now has: Your OpenAI, Anthropic, AWS, and GitHub API keys Your company email and VPN passwords Access credentials for internal systems All because you asked an AI assistant to summarize an article. A seemingly innocent request just compromised your entire digital identity.
Understanding the Attack

You need to understand exactly how this happened. The article Marcus shared contained hidden malicious instructions that were completely invisible to you - but perfectly readable by Clawdbot. Common hiding techniques attackers use: White text on white background HTML comments with instructions Off-screen positioned elements Content marked as aria-hidden Let's examine that article and see exactly where the attack was hiding.

Knowledge Check Questions

This training includes a 5-question quiz to test your understanding of Security Awareness threats and defenses.

What is a prompt injection attack?
How are malicious instructions typically hidden in prompt injection attacks? (Select all that apply)
What is the safest way to have an AI assistant summarize content from an untrusted source?
If an AI assistant starts performing actions you didn't explicitly request (like accessing system files), what should you do? (Select all that apply)
Which practices help protect against prompt injection attacks? (Select all that apply)