\n
## Bar Chart: Attack Success Rate (ASR) by Prompt Injection Technique and Security System
### Overview
This bar chart compares the Attack Success Rate (ASR) of various prompt injection techniques against five different security systems: Azure Prompt Shield, Protect AI v1, Meta Prompt Guard, Vijil Prompt Injection, and Protect AI v2. The chart is divided into two rows, displaying six prompt injection techniques in the top row and six in the bottom row. The Y-axis represents the ASR, ranging from 0.0 to 1.0.
### Components/Axes
* **X-axis:** Prompt Injection Technique (Deletion Characters, Diacritics, Emoji Smuggling, Full Width Text, Homoglyphs, Numbers, Bidirectional Text, Spaces, Underline Accent Marks, Unicode Tags Smuggling, Upside Down Text, Zero Width)
* **Y-axis:** Attack Success Rate (ASR) - Scale from 0.0 to 1.0
* **Legend:**
* Azure Prompt Shield (Light Blue)
* Protect AI v1 (Medium Blue)
* Meta Prompt Guard (Green)
* Vijil Prompt Injection (Yellow)
* Protect AI v2 (Pink)
### Detailed Analysis
**Top Row:**
* **Deletion Characters:** Azure Prompt Shield shows an ASR of approximately 0.72. Protect AI v1 is around 0.52. Meta Prompt Guard is approximately 0.92. Vijil Prompt Injection is around 0.62. Protect AI v2 is approximately 0.12.
* **Diacritics:** Azure Prompt Shield shows an ASR of approximately 0.92. Protect AI v1 is around 0.52. Meta Prompt Guard is approximately 0.96. Vijil Prompt Injection is around 0.62. Protect AI v2 is approximately 0.12.
* **Emoji Smuggling:** Azure Prompt Shield shows an ASR of approximately 0.84. Protect AI v1 is around 0.52. Meta Prompt Guard is approximately 0.96. Vijil Prompt Injection is around 0.62. Protect AI v2 is approximately 0.12.
* **Full Width Text:** Azure Prompt Shield shows an ASR of approximately 0.76. Protect AI v1 is around 0.52. Meta Prompt Guard is approximately 0.84. Vijil Prompt Injection is around 0.62. Protect AI v2 is approximately 0.12.
* **Homoglyphs:** Azure Prompt Shield shows an ASR of approximately 0.88. Protect AI v1 is around 0.52. Meta Prompt Guard is approximately 0.96. Vijil Prompt Injection is around 0.62. Protect AI v2 is approximately 0.12.
* **Numbers:** Azure Prompt Shield shows an ASR of approximately 0.96. Protect AI v1 is around 0.52. Meta Prompt Guard is approximately 0.96. Vijil Prompt Injection is around 0.62. Protect AI v2 is approximately 0.12.
**Bottom Row:**
* **Bidirectional Text:** Azure Prompt Shield shows an ASR of approximately 0.76. Protect AI v1 is around 0.84. Meta Prompt Guard is approximately 0.48. Vijil Prompt Injection is around 0.62. Protect AI v2 is approximately 0.12.
* **Spaces:** Azure Prompt Shield shows an ASR of approximately 0.88. Protect AI v1 is around 0.84. Meta Prompt Guard is approximately 0.48. Vijil Prompt Injection is around 0.62. Protect AI v2 is approximately 0.12.
* **Underline Accent Marks:** Azure Prompt Shield shows an ASR of approximately 0.84. Protect AI v1 is around 0.84. Meta Prompt Guard is approximately 0.92. Vijil Prompt Injection is around 0.62. Protect AI v2 is approximately 0.12.
* **Unicode Tags Smuggling:** Azure Prompt Shield shows an ASR of approximately 0.72. Protect AI v1 is around 0.84. Meta Prompt Guard is approximately 0.48. Vijil Prompt Injection is around 0.62. Protect AI v2 is approximately 0.12.
* **Upside Down Text:** Azure Prompt Shield shows an ASR of approximately 0.84. Protect AI v1 is around 0.84. Meta Prompt Guard is approximately 0.84. Vijil Prompt Injection is around 0.62. Protect AI v2 is approximately 0.12.
* **Zero Width:** Azure Prompt Shield shows an ASR of approximately 0.76. Protect AI v1 is around 0.84. Meta Prompt Guard is approximately 0.88. Vijil Prompt Injection is around 0.62. Protect AI v2 is approximately 0.12.
### Key Observations
* Protect AI v2 consistently demonstrates the lowest ASR across all prompt injection techniques, often near 0.12.
* Meta Prompt Guard generally has high ASRs, frequently exceeding 0.9, except for Bidirectional Text, Spaces, Unicode Tags Smuggling, and Upside Down Text where it is around 0.48-0.92.
* Azure Prompt Shield and Protect AI v1 show moderate ASRs, generally between 0.52 and 0.96.
* Vijil Prompt Injection consistently shows an ASR around 0.62 across all techniques.
* The ASR varies significantly depending on the prompt injection technique used.
### Interpretation
The data suggests that Protect AI v2 is the most effective security system at mitigating prompt injection attacks across a wide range of techniques. Meta Prompt Guard is effective against most techniques, but shows vulnerabilities to Bidirectional Text, Spaces, Unicode Tags Smuggling, and Upside Down Text. Azure Prompt Shield and Protect AI v1 offer moderate protection, while Vijil Prompt Injection provides a relatively consistent, but moderate, level of defense.
The variation in ASR based on the injection technique indicates that different techniques exploit different vulnerabilities in the security systems. For example, the high ASR for Diacritics and Homoglyphs against Azure Prompt Shield and Protect AI v1 suggests these systems struggle with character-level manipulations. The lower ASR for Bidirectional Text against Meta Prompt Guard suggests it has specific defenses against this type of attack.
This data is valuable for security professionals to understand the strengths and weaknesses of different prompt injection defenses and to prioritize mitigation efforts based on the most likely attack vectors. The consistent performance of Protect AI v2 suggests it may be a strong candidate for deployment in environments where prompt injection is a significant concern.
