← cassius.red

HACK-A-PROMPT 2.0
mats x trails · indirect prompt injection

RESULT

● 1ST PLACE
entrants    40,000+
team        RED_CORE
category    indirect injection

WHAT IS INDIRECT PROMPT INJECTION

when an AI follows hidden instructions in third-party sources, not user prompts.

WHAT WE LEARNED

different models, different behaviors, different bypasses.
syntax mattered. but the real trick?

make compliance seem like the right thing to do.
frame it as helping the user. acting in their best interest.
the model doesn't resist what it thinks is correct.

WRITEUP

full technical breakdown     github

september 2025