Enhance AI security with Azure Prompt Shields and Azure AI Content Safety

Enhance the security of your AI solutions with Prompt Shields—a consolidated API that assesses inputs to your LLM-based systems, protecting them from both direct and indirect threats.

Fortify Against Prompt Injection Attacks

The landscape of AI security is continually evolving, with prompt injection attacks recognized as one of the foremost challenges for generative AI developers. These attacks occur when a malicious party manipulates the inputs of an LLM, thereby altering its functionality or accessing confidential information. The Open Worldwide Application Security Project (OWASP) ranks prompt injection as the most critical threat faced by LLMs today.¹ Protect your AI systems from this growing concern by leveraging Azure AI Content Safety, which features Prompt Shields. This unified API scrutinises inputs to your LLM-based applications, safeguarding against both direct and indirect threats. These threats include bypassing established safety protocols, leaking sensitive information, or prompting AI systems to perform unintended actions.

Understanding Prompt Injection Attacks

Prompt injection attacks take place when malicious entities utilise misleading prompts to elicit harmful or unintended responses from AI models. These attacks are primarily divided into two categories: direct and indirect prompt injection attacks.

  • Direct prompt injection attacks, including various jailbreak attempts, involve an end user entering a harmful prompt aimed at bypassing security measures to extract sensitive data. For example, an attacker may compel an AI model to reveal private information, such as social security numbers or confidential emails.
  • Indirect, or cross-prompt injection attacks (XPIA), embed deceptive prompts within seemingly harmless external content like documents or emails. When the AI model processes this content, it unknowingly executes the embedded instructions, potentially jeopardising system integrity.

Prompt Shields works seamlessly with Azure OpenAI content filters and is part of Azure AI Content Safety. It protects against a variety of prompt injection attacks, with ongoing enhancements being made as new attack types arise. By employing advanced machine learning and natural language processing techniques, Prompt Shields effectively identifies and mitigates potential threats from user inputs and third-party content. This state-of-the-art capability helps ensure the security and integrity of your AI applications, protecting your systems from malicious exploitation.
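The direct/indirect split above maps onto two separate request fields in the Prompt Shields REST call, shown here as an added example that is not code from the original page or from Microsoft. The `text:shieldPrompt` path, the `api-version` value and the field names are assumptions based on the published REST interface and should be confirmed against current documentation; `gate` and `shield` are hypothetical helper names and the sample response is constructed.

```python
import json
import urllib.request

# Assumption: api-version string; confirm against current service documentation.
API_VERSION = "2024-09-01"


def build_request(endpoint, key, user_prompt, documents):
    """End-user text goes in userPrompt; third-party content goes in documents."""
    url = f"{endpoint.rstrip('/')}/contentsafety/text:shieldPrompt?api-version={API_VERSION}"
    body = json.dumps({"userPrompt": user_prompt, "documents": list(documents)})
    return urllib.request.Request(
        url, data=body.encode("utf-8"), method="POST",
        headers={"Ocp-Apim-Subscription-Key": key, "Content-Type": "application/json"},
    )


def gate(analysis, documents):
    """Turn a response into a decision; a missing verdict counts as an attack."""
    user = analysis.get("userPromptAnalysis") or {}
    direct = user.get("attackDetected", True) is not False
    verdicts = analysis.get("documentsAnalysis") or []
    if len(verdicts) != len(documents):
        # No trustworthy per-document verdicts: quarantine every document.
        flagged = list(range(len(documents)))
    else:
        flagged = [i for i, v in enumerate(verdicts)
                   if v.get("attackDetected", True) is not False]
    safe = [d for i, d in enumerate(documents) if i not in flagged]
    return {"block_request": direct, "flagged_documents": flagged, "safe_documents": safe}


def shield(endpoint, key, user_prompt, documents, timeout=5):
    """Call the service and gate on the result (needs network and a real resource)."""
    req = build_request(endpoint, key, user_prompt, documents)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return gate(json.load(resp), documents)


# Constructed sample: a clean user prompt and two documents, the second of
# which the service reported as carrying an indirect injection.
SAMPLE_DOCS = ["Quarterly report text.", "Email body with embedded instructions."]
SAMPLE_RESPONSE = {
    "userPromptAnalysis": {"attackDetected": False},
    "documentsAnalysis": [{"attackDetected": False}, {"attackDetected": True}],
}

if __name__ == "__main__":
    print(gate(SAMPLE_RESPONSE, SAMPLE_DOCS))
```

Only `safe_documents` should be passed on to the model, and a `block_request` of true should stop the call before any model invocation.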

Capabilities of Prompt Shields:

  • Contextual Awareness: Prompt Shields can comprehend the context surrounding prompts, adding an extra security layer by interpreting user intent. This contextual understanding reduces false positives, distinguishing between genuine user inputs and actual attacks.
  • Enhancement through Spotlighting: Announced at Microsoft Build 2025, Spotlighting boosts Prompt Shields’ ability to detect and block indirect prompt injection attacks. By differentiating between trusted and untrusted inputs, this innovation enables developers to bolster the security of generative AI applications against adversarial prompts hidden within documents, emails, and other web content.
  • Real-time Response: Prompt Shields operates in real-time, marking it as one of the first general real-time capabilities available. It quickly identifies and mitigates threats before they can compromise your AI model, greatly reducing the likelihood of data breaches and maintaining system integrity.

A Holistic Approach

  • Risk and Safety Evaluations: Azure AI Foundry offers evaluations that help users assess their generative AI application’s outputs for content-related risks, including harmful, violent, or self-harm content, along with vulnerabilities to direct or indirect jailbreaks.
  • Red-Teaming Agent: This feature allows for automated scans and adversarial probing to detect known risks at scale. It enables teams to adopt a proactive approach to safety testing during development. Safety evaluations support red teaming by generating adversarial datasets for improved testing and quicker identification of potential issues.
  • Comprehensive Controls and Guardrails: Prompt Shields is one of several content filters within Azure AI Foundry that effectively detect and mitigate risks, including prompt injection attacks and grounded outputs.
  • Defender for Cloud Integration: Microsoft Defender now integrates directly into Azure AI Foundry. This provides AI security posture recommendations and real-time alerts for potential threats within the development environment, bridging the gap between security and engineering teams. This allows developers to proactively address risks detected by Prompt Shields, with alerts available in the Risks and Alerts tab to aid in reducing vulnerability and building secure AI applications from the outset.

Real-World Examples

AI Content Safety’s Prompt Shields delivers a multitude of advantages. Beyond protecting against jailbreaks and prompt injection attacks, it ensures that LLMs operate as intended by blocking prompts seeking to circumvent rules established by developers. The following use cases and testimonials illustrate the effectiveness of these features.

AXA: Maintaining Reliability and Security

AXA, a prominent global insurance provider, utilises Azure OpenAI for its Secure GPT solution. By integrating Azure’s content filtering technology with its own security protocols, AXA effectively prevents prompt injection attacks, ensuring the reliability of its AI models. Secure GPT, built on Azure OpenAI in Foundry Models, utilises models fine-tuned through reinforcement learning from human feedback. AXA enhances Azure’s content filtering with its own safeguards and uses Prompt Shields to prevent jailbreak attempts, ensuring optimal reliability. These measures are regularly updated to maintain state-of-the-art protection.

Wrtn: Ensuring Secure Scaling with Azure AI Content Safety

Wrtn Technologies, a leading enterprise in Korea, utilises Azure AI Content Safety for compliance and security within its products. Central to Wrtn’s offerings is technology that compiles a variety of AI use cases and services tailored for Korean users, seamlessly integrating AI into their daily routines. Their platform features AI-enhanced search, chat functionalities, and customisable templates, allowing users to interact with emotional companion AIs that have engaging personalities and converse naturally.

Because the product is highly customisable, the ability to easily toggle content filters and Prompt Shields is particularly advantageous, enabling Wrtn to customise its security measures efficiently. This flexibility allows developers to scale products while adhering to compliance standards and meeting user needs across Korea.

“It’s not solely about security and privacy, but also safety. With Azure, we can swiftly activate or deactivate content filters. The extensive features significantly enhance our product’s performance,” states Dongjae “DJ” Lee, Chief Product Officer.

Incorporate Prompt Shields into Your AI Strategy

For IT leaders aiming to strengthen the security of their AI solutions, integrating Azure’s Prompt Shields is essential. Fortunately, activating Prompt Shields is straightforward.

Azure’s Prompt Shields and built-in AI security features deliver unmatched protection for AI models, ensuring that organisations can harness AI’s potential without sacrificing security. Microsoft stands out as a frontrunner in combating prompt injection attacks, utilising best practices cultivated through decades of research, policy development, product engineering, and insights garnered from creating AI products at scale. By incorporating these features into your AI strategy, you can effectively protect your systems from prompt injection attacks, thereby maintaining user trust and confidence.

Dedication to Trustworthy AI

Companies from various sectors are leveraging Azure AI Foundry and Microsoft 365 Copilot to drive growth, boost productivity, and create value-added experiences.

We are committed to assisting organisations in the development and use of AI that is trustworthy, prioritising security, privacy, and safety. Achieving trustworthy AI combines our commitments, such as our Secure Future Initiative and Responsible AI principles, with our robust product capabilities, allowing confident AI transformation.

Embark on Your Azure AI Content Safety Journey


¹ OWASP Top 10 for Large Language Model Applications