{"id":10587,"date":"2026-02-12T05:03:32","date_gmt":"2026-02-12T05:03:32","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2026\/02\/12\/prompt-injection-via-road-signs-html\/"},"modified":"2026-02-12T05:03:32","modified_gmt":"2026-02-12T05:03:32","slug":"prompt-injection-via-road-signs-html","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2026\/02\/12\/prompt-injection-via-road-signs-html\/","title":{"rendered":"Prompt Injection Via Road Signs"},"content":{"rendered":"\n
Prompt Injection Via Road Signs<\/div>\n

\t

\n
<\/BR>
\n
\n \t

\n
<\/BR><\/p>\n

\n

Interesting research: \u201cCHAI: Command Hijacking Against Embodied AI<\/a>.\u201d<\/p>\n

\n

Abstract:<\/b> Embodied Artificial Intelligence (AI) promises to handle edge cases in robotic vehicle systems where data is scarce by using common-sense reasoning grounded in perception and action to generalize beyond training distributions and adapt to novel real-world situations. These capabilities, however, also create new security risks. In this paper, we introduce CHAI (Command Hijacking against embodied AI), a new class of prompt-based attacks that exploit the multimodal language interpretation abilities of Large Visual-Language Models (LVLMs). CHAI embeds deceptive natural language instructions, such as misleading signs, in visual input, systematically searches the token space, builds a dictionary of prompts, and guides an attacker model to generate Visual Attack Prompts. We evaluate CHAI on four LVLM agents; drone emergency landing, autonomous driving, and aerial object tracking, and on a real robotic vehicle. Our experiments show that CHAI consistently outperforms state-of-the-art attacks. By exploiting the semantic and multimodal reasoning strengths of next-generation embodied AI systems, CHAI underscores the urgent need for defenses that extend beyond traditional adversarial robustness.<\/p>\n<\/blockquote>\n

News article<\/a>.<\/p>\n<\/div>\n

\t

\n
<\/BR>
\n Bruce Schneier
\n \t

\n
<\/BR>
\nGo to bruce schneier<\/a>
\n \t

\n
<\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"

Prompt Injection Via Road Signs Interesting research: \u201cCHAI: Command Hijacking Against Embodied AI.\u201d Abstract: Embodied Artificial Intelligence (AI) promises to handle edge cases in robotic vehicle systems where data is scarce by using common-sense reasoning grounded in perception and action to generalize beyond training distributions and adapt to novel real-world situations. These capabilities, however, also […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[88,167,57,341,97,1],"tags":[87],"class_list":["post-10587","post","type-post","status-publish","format-standard","hentry","category-academic-papers","category-ai","category-bruce-schneier","category-cars","category-hacking","category-uncategorized","tag-bruce-schneier"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/10587"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=10587"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/10587\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=10587"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=10587"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=10587"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}