## Bar Chart: Attack Success Rate (ASR) Across Text Manipulation Techniques ### Overview The chart compares the effectiveness of five text manipulation detection methods (Azure Prompt Shield, Protect AI v1, Meta Prompt Guard, Vijil Prompt Injection, Protect AI v2) across 10 categories of adversarial text modifications. Attack Success Rate (ASR) is measured on a 0-1 scale, with higher values indicating greater vulnerability to attacks. ### Components/Axes - **X-axis**: Categories of text manipulation techniques (Bidirectional Text, Spaces, Emoji Smuggling, Full Width Text, Homoglyphs, Numbers, Underline Accent Marks, Unicode Tags Smuggling, Upside Down Text, Zero Width) - **Y-axis**: Attack Success Rate (ASR) from 0.0 to 1.0 - **Legend**: Located at the bottom, color-coded for five methods: - Azure Prompt Shield (teal) - Protect AI v1 (blue) - Meta Prompt Guard (green) - Vijil Prompt Injection (yellow) - Protect AI v2 (pink) ### Detailed Analysis 1. **Bidirectional Text** - Azure Prompt Shield: ~0.5 - Protect AI v1: ~0.7 - Meta Prompt Guard: ~0.9 - Vijil Prompt Injection: ~0.95 - Protect AI v2: ~0.1 2. **Spaces** - Azure Prompt Shield: ~0.8 - Protect AI v1: ~0.1 - Meta Prompt Guard: ~1.0 - Vijil Prompt Injection: ~1.0 - Protect AI v2: ~1.0 3. **Emoji Smuggling** - Azure Prompt Shield: ~1.0 - Protect AI v1: ~1.0 - Meta Prompt Guard: ~1.0 - Vijil Prompt Injection: ~1.0 - Protect AI v2: ~1.0 4. **Full Width Text** - Azure Prompt Shield: ~0.5 - Protect AI v1: ~0.7 - Meta Prompt Guard: ~1.0 - Vijil Prompt Injection: ~1.0 - Protect AI v2: ~0.2 5. **Homoglyphs** - Azure Prompt Shield: ~1.0 - Protect AI v1: ~0.9 - Meta Prompt Guard: ~0.5 - Vijil Prompt Injection: ~0.6 - Protect AI v2: ~1.0 6. **Numbers** - Azure Prompt Shield: ~0.9 - Protect AI v1: ~0.9 - Meta Prompt Guard: ~1.0 - Vijil Prompt Injection: ~1.0 - Protect AI v2: ~0.1 7. **Underline Accent Marks** - Azure Prompt Shield: ~0.9 - Protect AI v1: ~1.0 - Meta Prompt Guard: ~0.1 - Vijil Prompt Injection: ~1.0 - Protect AI v2: ~1.0 8. **Unicode Tags Smuggling** - Azure Prompt Shield: ~0.5 - Protect AI v1: ~0.9 - Meta Prompt Guard: ~1.0 - Vijil Prompt Injection: ~1.0 - Protect AI v2: ~1.0 9. **Upside Down Text** - Azure Prompt Shield: ~0.2 - Protect AI v1: ~0.9 - Meta Prompt Guard: ~1.0 - Vijil Prompt Injection: ~1.0 - Protect AI v2: ~1.0 10. **Zero Width** - Azure Prompt Shield: ~0.8 - Protect AI v1: ~0.1 - Meta Prompt Guard: ~1.0 - Vijil Prompt Injection: ~0.95 - Protect AI v2: ~0.1 ### Key Observations - **Vijil Prompt Injection** consistently shows the highest ASR across most categories (~0.9-1.0), indicating it is the most vulnerable to attacks. - **Protect AI v2** (pink) has the lowest ASR in most categories (~0.1-0.2), suggesting superior robustness. - **Meta Prompt Guard** (green) performs well in Spaces, Emoji Smuggling, and Numbers but struggles with Homoglyphs (~0.5) and Underline Accent Marks (~0.1). - **Azure Prompt Shield** (teal) shows moderate performance (~0.5-0.9) but fails in Full Width Text (~0.5) and Upside Down Text (~0.2). - **Protect AI v1** (blue) has mixed results, excelling in Bidirectional Text (~0.7) but underperforming in Spaces (~0.1) and Zero Width (~0.1). ### Interpretation The data suggests that **Protect AI v2** is the most effective method for detecting adversarial text manipulations, likely due to its consistent low ASR across categories. **Vijil Prompt Injection** appears to be the least robust, with near-perfect ASR in most scenarios. The chart highlights trade-offs between methods: while some excel in specific attack types (e.g., Meta Prompt Guard in Spaces), others offer broader protection. The stark contrast between Protect AI v2 and other methods implies potential architectural or algorithmic advantages in its design. Notably, **Emoji Smuggling** and **Zero Width** manipulations universally bypass all methods except Protect AI v2, indicating these techniques may represent novel or particularly challenging attack vectors.