惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

C
CXSECURITY Database RSS Feed - CXSecurity.com
K
Kaspersky official blog
A
Arctic Wolf
Attack and Defense Labs
Attack and Defense Labs
L
LINUX DO - 热门话题
N
News | PayPal Newsroom
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
L
Lohrmann on Cybersecurity
PCI Perspectives
PCI Perspectives
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
The Last Watchdog
The Last Watchdog
B
Blog RSS Feed
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
W
WeLiveSecurity
Know Your Adversary
Know Your Adversary
博客园 - Franky
T
Tenable Blog
T
Tailwind CSS Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Help Net Security
Help Net Security
WordPress大学
WordPress大学
T
The Exploit Database - CXSecurity.com
www.infosecurity-magazine.com
www.infosecurity-magazine.com
博客园 - 司徒正美
阮一峰的网络日志
阮一峰的网络日志
D
Darknet – Hacking Tools, Hacker News & Cyber Security
H
Heimdal Security Blog
TaoSecurity Blog
TaoSecurity Blog
S
Security Affairs
J
Java Code Geeks
小众软件
小众软件
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Apple Machine Learning Research
Apple Machine Learning Research
NISL@THU
NISL@THU
O
OpenAI News
The Cloudflare Blog
月光博客
月光博客
Google Online Security Blog
Google Online Security Blog
V
V2EX
罗磊的独立博客
美团技术团队
博客园 - 三生石上(FineUI控件)
Security Latest
Security Latest
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
C
Cyber Attacks, Cyber Crime and Cyber Security
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Cyberwarzone
Cyberwarzone
L
LINUX DO - 最新话题
Hacker News - Newest:
Hacker News - Newest: "LLM"
大猫的无限游戏
大猫的无限游戏

Schneier on Security

A Video Screen That Is Also a Camera - Schneier on Security Upcoming Speaking Engagements - Schneier on Security Vulnerability in FIFA's Network - Schneier on Security AI Data Centers and the Concentration of Wealth - Schneier on Security Friday Squid Blogging: "Squidbleed" Vulnerability - Schneier on Security AI Surveillance and Social Progress - Schneier on Security The Language of AI Could Change How Humans Speak - Schneier on Security Cybersecurity and the Gap Between Skill and Ability - Schneier on Security Google Is Suing Chinese Scammers Who Are Using Gemini - Schneier on Security France to Stop Certifying Non-Quantum-Safe Encryption - Schneier on Security Flock Cameras Can Surveil Cars Without License Plates - Schneier on Security Cybersecurity Mission Creep in the US - Schneier on Security Papa Johns Surveillance-Based Advertising - Schneier on Security The Realities of AI Video Surveillance - Schneier on Security Factoring RSA Keys with Many Zeros - Schneier on Security Robot Police Officers - Schneier on Security The Chinese Control the Majority of Argentina's Squid Fleet - Schneier on Security Meta Is Testing Facial Recognition for Police and Military - Schneier on Security One Million Passports Leaked Online - Schneier on Security AI and Liability - Schneier on Security Embedding Forbidden Text in Spyware to Discourage AI Analysis - Schneier on Security Anthropic's Fable 5 Model Jailbroken Within Days - Schneier on Security Professional Athletes and Wearables - Schneier on Security Friday Squid Blogging: Victims of Unregulated Squid Fishing - Schneier on Security Anthropic's Fable and the State of AI - Schneier on Security Embedding Forbidden Text in Spyware to Discourage AI Analysis - Schneier on Security AI Use by the US Government - Schneier on Security Flock Cameras Are Being Used for Stalking - Schneier on Security The FCC Wants to Eliminate Burner Phones - Schneier on Security Upcoming Speaking Engagements - Schneier on Security Friday Squid Blogging: Squid-Inspired Fluid Pump Bernie Sanders’ AI Sovereign Wealth Fund Plan Enhanced License Plate Tracking NSO Group Hacking WhatsApp Despite Court Order GPS As a Key Distribution Platform - Schneier on Security Critical Zcash Vulnerability Found and Fixed Anthropic’s Project Glasswing Update AI Worm - Schneier on Security Hacking Meta's AI Chatbot - Schneier on Security AI Used to Decrypt Medieval Ciphers The Intersection of Encryption and AI Microsoft Threatening Security Researcher Vulnerability Disclosure in the Age of AI Friday Squid Blogging: Another Squid Chilling Effects FBI’s 2025 Internet Crime Report Identifying People Using Wi-Fi Routers Friday Squid Blogging: Regulating Squid Fishing in the South Pacific CISA Security Leak macOS Kernel Memory Corruption Exploit On AI Security Laurie Anderson Is Quoting Me Zero-Day Exploit Against Windows BitLocker Friday Squid Blogging: Bigfin Squid Bypassing On-Camera Age-Verification Checks OpenAI’s GPT-5.5 is as Good as Mythos at Finding Security Vulnerabilities Copy.Fail Linux Vulnerability LLMs and Text-in-Text Steganography Friday Squid Blogging: Giant Squid Live in the Waters of Western Australia Insider Betting on Polymarket Smart Glasses for the Authorities Rowhammer Attack Against NVIDIA Chips DarkSword Malware Hacking Polymarket A Ransomware Negotiator Was Working for a Ransomware Gang Fast16 Malware Claude Mythos Has Found 271 Zero-Days in Firefox What Anthropic’s Mythos Means for the Future of Cybersecurity Medieval Encrypted Letter Decoded Friday Squid Blogging: How Squid Survived Extinction Events Hiding Bluetooth Trackers in Mail FBI Extracts Deleted Signal Messages from iPhone Notification Database ICE Uses Graphite Spyware - Schneier on Security Mexican Surveillance Company - Schneier on Security Is “Satoshi Nakamoto” Really Adam Back? Friday Squid Blogging: New Giant Squid Video Mythos and Cybersecurity Human Trust of AI Agents Defense in Depth, Medieval Style
Interesting Paper Exploring Prompt Injection - Schneier on Security
Bruce Schneier · 2026-06-25 · via Schneier on Security

This is a fascinating explotation of how LLMs fall for prompt injection attacks. It turns out that they learn to recognize the style of text in different role/instruction blocks, and not just the tags.

Their conclusion:

Role tags were a formatting trick that became the security architecture and the cognitive scaffolding of modern LLMs. We’ve shown that this architecture doesn’t survive into the model’s actual representations, and that such role confusion is linked to prompt injection.

Unless LLMs achieve genuine role perception, we think injection defense will remain a perpetual whack-a-mole game. And the continuous nature of role boundaries opens the threat of injections designed to subtly shift LLM states through seemingly innocuous text, legally and at scale.

More generally, roles are quietly one of the most important abstractions in the LLM stack, providing the boundaries meant to separate self from other, thought from communication, instruction from data. They’re human-controlled switches in an otherwise continuous system. We think they deserve a lot more study than they’ve gotten.

Full paper: “Prompt Injection as Role Confusion.” Simon Willison comments.

Posted on June 25, 2026 at 7:23 AM5 Comments

Sidebar photo of Bruce Schneier by Joe MacInnis.