Skip to Main Content
Securitype-citation-124P1

Spotlighting techniques reduce prompt injection success by 80%.

Marking user-provided text with special…Marking user-provided text with special delimiters and encoding transformations reduced injection attack success from 56% to 11% — without any model fine-tuning.

Context & Methodology

Spotlighting works by making user input visually and structurally distinct from system instructions, preventing the model from confusing data with commands.

Applies To

openaianthropicgoogle

Confidence Level

High

Implementation Effort

medium

Recommendation

follow

Execution Priority

P1

Put This Evidence to Work

Use the STCO framework to implement findings like this in structured, testable prompts.

Sampling 5 chain-of-thought paths and majority-voting the answer improves accuracy by 12-18% over single-path CoT on ari.Wang et al., 'Self-Consistency Improves Chain of T…