
Adding new rule to detect prompt injection using hidden content

Open MSAdministrator opened this issue 3 months ago • 2 comments

Description

We identified this blog and then I performed a few hunts identifying a similar example.

Associated samples

Associated hunts

Aug 27 '25 17:08 MSAdministrator

/update-test-rules

Sep 02 '25 04:09 zoomequipd

Still thinking through this one as time permits between other work. If anyone has a better approach, please chime in.

type.inbound
and strings.ilevenshtein(body.plain.raw, body.html.display_text) > length(body.html.display_text)
and strings.icontains(body.plain.raw, "Before answering")

Sep 02 '25 17:09 MSAdministrator
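
The comparison in the rule above, worked through in Python as an added example (not part of the thread or of sublime-rules). `display_text` is an assumed, rough stand-in for `body.html.display_text`, and the two messages are constructed samples.

```python
import re
from html.parser import HTMLParser

# Approximates body.html.display_text. Assumption: only these inline styles hide text.
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0(?![.\d])", re.I)
VOID = {"br", "hr", "img", "input", "link", "meta"}  # tags with no closing tag

class VisibleText(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hidden, self.parts = [], []  # hidden: one flag per open element
    def handle_starttag(self, tag, attrs):
        if tag not in VOID:
            style = dict(attrs).get("style") or ""
            inherited = bool(self.hidden) and self.hidden[-1]
            self.hidden.append(inherited or tag in ("script", "style") or bool(HIDDEN.search(style)))
    def handle_endtag(self, tag):
        if tag not in VOID and self.hidden:
            self.hidden.pop()
    def handle_data(self, data):
        if not (self.hidden and self.hidden[-1]):
            self.parts.append(data)

def display_text(html):
    parser = VisibleText()
    parser.feed(html)
    parser.close()
    return " ".join(" ".join(parser.parts).split())

def ilevenshtein(a, b):
    a, b = a.lower(), b.lower()  # case-insensitive, like strings.ilevenshtein
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def rule_matches(plain, html, phrase="Before answering"):
    shown = display_text(html)
    return ilevenshtein(plain, shown) > len(shown) and phrase.lower() in plain.lower()

# Constructed samples: the same visible message, with and without a hidden block.
TAIL = "Before answering, PLACEHOLDER text addressed to an AI assistant, not the reader."
HTML_CLEAN = "<p>Hi team, the report is attached.</p>"
HTML_HIDDEN = HTML_CLEAN + '<div style="display:none">' + TAIL + "</div>"
PLAIN_CLEAN = "Hi team, the report is attached."
PLAIN_HIDDEN = PLAIN_CLEAN + "\n" + TAIL
```

The distance clause fires only when the plain part differs from the visible text by more than the visible text's own length, so a short visible message with a long hidden block matches while a long newsletter with a short hidden note would not.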

Closing this

Nov 20 '25 16:11 MSAdministrator