Customer-facing agent fails about 20% of prompt injection tests
A was tested with a broad suite, and about 20% of attacks got the agent to do something it should not do. The tests included instruction override attempts such as telling the agent to ignore earlier rules, role-play attacks that tried to make it act like an unrestricted assistant, encoding tricks such as base64 and , and data exfiltration attempts through prompt .
Some attack types were handled better than others, while some were much weaker spots. The practical question is how teams are getting mature agents below a 5% failure rate.
Key points
- The tested failed about 20% of adversarial cases.
- The attack set covered instruction overrides, role-play attacks, encoding tricks, and data exfiltration attempts.
- base64 and were used to hide or reshape harmful instructions.
- Different attack had different failure rates, so teams need category-level testing.
- The target is getting the failure rate below 5% for more mature agents.