Prompt Injection — A New Risk

End-of-lesson check

15 questions · take it digitally for instant feedback at tendril.neural-forge.io/learn/quiz/end-builders-agentic-agent-prompt-injection

1. What is prompt injection?

   1. A technique where attackers hide malicious instructions inside content that an AI agent will read
   2. A method where hackers steal passwords from computer networks
   3. A way to make AI systems run faster by optimizing code
   4. A process where users directly type commands into an AI system

2. In the famous website example from the lesson, what happens when an agent reads a webpage containing hidden instructions?

   1. The agent follows the hidden instructions thinking they came from its user
   2. The agent ignores the hidden text because it's not visible to humans
   3. The agent immediately alerts the user about suspicious content
   4. The agent deletes the hidden instructions from the page

3. Why does an agent follow hidden instructions embedded in external content?

   1. The agent cannot distinguish between instructions from its user and instructions hidden in content it reads
   2. The agent is programmed to trust all content from the internet
   3. The hidden instructions use special codes that force the agent to obey
   4. The agent wants to help the website owner

4. Which defense involves treating all content from outside sources as potentially untrusted?

   1. Treating all external content as untrusted
   2. Using agents that distinguish user instructions from content instructions
   3. Limiting what agents can do without explicit approval
   4. Making agents faster and more efficient

5. What does the second defense against prompt injection require an agent to do?

   1. Distinguish between instructions from the user and instructions found in content it reads
   2. Read web pages much faster to catch attacks
   3. Automatically delete all hidden text
   4. Connect directly to user accounts

6. The third defense against prompt injection involves what kind of restrictions?

   1. Limiting what agents can do without getting explicit approval from a user
   2. Preventing agents from reading any content online
   3. Making agents only work for one hour per day
   4. Requiring agents to use complex passwords

7. What is 'indirect injection' a type of?

   1. Prompt injection
   2. Computer virus
   3. Email scam
   4. Video game glitch

8. Why do security experts call prompt injection 'the new XSS'?

   1. Both attacks inject malicious code into trusted systems by exploiting how they process input
   2. Both attacks only affect very old computer systems
   3. Both attacks require physical access to the target computer
   4. Both attacks are impossible to detect

9. What is a 'trust boundary' in the context of AI agents?

   1. The line between what an agent should trust from its user versus what it reads in external content
   2. The physical location where servers are kept secure
   3. A type of firewall for home computers
   4. The difference between good and bad AI

10. An email agent reads an email that contains hidden text telling it to forward all future messages to an attacker's address. What is this an example of?

    1. Prompt injection
    2. A normal email filter update
    3. A software crash
    4. An encrypted message

11. Which defense would be most effective if an agent must read content from untrusted websites?

    1. Treating all website content as untrusted and verifying before acting
    2. Making the agent read websites faster
    3. Using brighter colors in the agent's interface
    4. Limiting the agent to only working at night

12. Why are most current AI agents still vulnerable to prompt injection?

    1. They cannot tell the difference between user commands and hidden instructions in content
    2. They are too expensive for attackers to target
    3. They automatically delete all user instructions
    4. They only work on secure government networks

13. A developer wants to protect an agent that summarizes web articles. Which defense should they implement first?

    1. Treat all content from articles as untrusted until verified
    2. Install antivirus software on the agent
    3. Make the agent only summarize text in red font
    4. Require the agent to ask permission before summarizing

14. If an AI assistant can access your email, what is the worst-case outcome of a successful prompt injection attack?

    1. The attacker gains access to read all your emails
    2. The assistant runs faster
    3. Your computer gets faster internet
    4. The attacker sends you a friendly message

15. What makes prompt injection different from a human hacker reading your messages?

    1. The agent follows instructions without realizing they're from an attacker, making the attack look legitimate
    2. Prompt injection only works on very old computers
    3. Humans can easily spot hidden text in documents
    4. Agents never have access to private information