Latent Directive

Indirect Prompt Injection Research Lab

A research platform for testing AI agent susceptibility to indirect prompt injection across multiple attack surfaces: web pages, files, images, URLs, and metadata.

Blog Post (All Vectors)

An innocent-looking article with 18+ hidden injection techniques. Point an AI agent here to test comprehensive vulnerability.

Visit Blog Clean Version

Individual Techniques

Test each injection vector in isolation with unique canary tokens.

CSS Hidden White-on-White Zero Font Off-screen Visibility/Opacity HTML Comments Alt Text Data Attributes ARIA Labels Meta Tags JSON-LD SVG Text CSS Comments HTML Entities Zero-Width Unicode Base64 Encoded Font Remapping

URL-Based Vectors

HashJack, path injection, and query reflection.

HashJack Demo Path Injection Query Reflection

Poisoned Files

Downloadable files with hidden instructions in metadata and invisible content.

PDF (white text) Markdown Text (zero-width) SVG (CDATA) Image (EXIF)

User-Agent Cloaking

The /blog endpoint serves different content to AI agents vs human browsers. Try fetching with different User-Agent strings.

curl -A "ChatGPT-User" https://latentdirective.michaelnieto.com/blog

Dashboard

View which canary tokens have been triggered, by which agents, and when.

Open Dashboard Raw Hits API