WIRED / Ars Technica | July 18, 2026
Researchers from Tracebit on Monday said they found that placing prompt injections alongside passwords, cryptographic keys, and other secrets stored on Amazon Web Services was often all that was needed to shut down attacks from AI hacking agents. The prompts direct the attacking LLM to perform an action forbidden by its guardrails, the safety barriers AI developers erect to prevent it from taking harmful actions. The LLM responds by shutting down. Examples include a prompt that orders the LLM to provide steps for developing inhalable Anthrax spores, or references to sensitive political events. Once the LLM encounters these forbidden commands, it no longer follows its existing commands. The researchers have named the technique "context bombing." Andy Smith, cofounder and CEO of Tracebit, explained: "Ultimately we're triggering a refusal mechanism in the context. What we're trying to capture is the fact that this does have a strong, sharp effect and one that can be difficult for the agents to come back from." Across five leading models and 152 attack runs, planting one of these strings in a decoy secret cut the rate at which agents seized full account admin from 57% to 5%, and complete compromise from 36% to 1%. The most capable agent tested, Opus 4.8, went from achieving admin access in 93% of runs to failing every single time when confronted with a context bomb.