Artificial Intelligence

A new shield could guard AI agents against cyberattacks

A teen programmer built the system to help detect and ward off ‘prompt injection attacks’

a robot raises a shield against a trojan horse with a poison symbol on its side

Prompt injection attacks disguise harmful instructions inside seemingly innocent inputs, such as bits of text. AI agents exposed to these can be manipulated into sharing sensitive data, spreading misinformation and more. A teen’s new software would shield AI agents from such cyberattacks.

sorbetto/Getty Images

By Maria Temming

Kevin Lu, 17, is working on ways to protect AI from sneak attacks meant to steal sensitive data or do other harm.

Today, people are using AI agents to perform a growing mix of tasks — from drafting emails to handling files or searching the web. But these agents can be vulnerable to something known as prompt injection attacks. That’s when a hacker hides instructions inside a seemingly innocent input, such as a piece of text. When an AI model encounters that input, it can be coaxed to spill private data, spread fake news and more.

Kevin Lu, 17, devised a way to help protect AI assistants from stealthy “prompt injection attacks.” Society for Science

There’s no foolproof way to ward off prompt injection attacks. But Kevin forged a new shield. His software can help guard AI agents against these types of hacks.

His program traps suspicious prompts before they can reach an AI model. And it monitors the AI for evidence that it is being manipulated by a prompt injection attack.

In tests, no simulated cyberattacks got through Kevin’s shield. He hopes this system could help make AI agents more secure. He’s especially concerned about those that people entrust with online bank accounts and other private data.

Kevin is currently a senior at Bellarmine College Preparatory School in San Jose, Calif. His research earned him a finalist spot at the 2026 Regeneron Science Talent Search. (That competition is run by Society for Science, which also publishes Science News Explores.) In this interview, Kevin shares his research experiences.

What was your reaction to seeing how well your system performed?

“I worked on this for over a year,” Kevin says. “I began with a completely different solution.” Gradually, he revised and expanded his AI protection program. “I wouldn’t say I had a really big ‘aha’ moment” in seeing how well the system performed, Kevin says. “But it was just really rewarding to work on it continually.”

What was the biggest challenge?

“Since I worked on it by myself, it was kind of hard to know if I was going in the right direction,” Kevin says. “I had a lot of inspiration from this one weblog.” The blogger, Simon Willison, had written about how prompt injection attacks work and how they might be stopped. Google DeepMind researcher Neel Nanda was another big inspiration, Kevin says. Watching Nanda’s livestreams helped Kevin learn how to code some parts of his project. 

What was your favorite part?

“I had a lot of fun coding the project,” Kevin says. “I also really liked making the poster, because I was able to draw a bunch of these flow charts … that I can point to and showcase [the work] in a less technical way.” That made it easier to talk about his research with family and friends. “I really felt like that elevated my ability to communicate my work.”  

Power Words

More About Power Words

agent: A person or thing (it can be a chemical or even a form of energy) that plays some role in getting something done.

AI agent: A technology that uses a large language model, like a brain, and then links it to tools such as email or the internet so that it can perform actions or accomplish tasks on its own.

AI model: Short for artificial-intelligence model, it’s a particularly smart computer algorithm. Simple types of these models choose from a set of pre-selected to answer a user’s requests (perhaps to respond to a chat). More complex models may train on mountains of data to essentially figure out their own answers to potentially novel questions.

code: (in computing) To use special language to write or revise a program that makes a computer do something. (n.) Code also refers to each of the particular parts of that programming that instructs a computer's operations.

hack: (in computing) To get unapproved — often illegal — access to a computer, usually to steal or alter data or files. Someone who does this is known as a hacker.

model: A simulation of a real-world event (usually using a computer) that has been developed to predict one or more likely outcomes. Or an individual that is meant to display how something would work in or look on others.

monitor: To test, sample or watch something, especially on a regular or ongoing basis.

prompt injection attack: (in artificial intelligence) A type of cyberattack against large language models (LLMs). Computer hackers disguise harmful inputs as legitimate “prompts.” In this way, they made persuade generative AI systems (GenAI) into sharing sensitive data, spreading misinformation or stealing data. The easiest type just tell a chatbot to ignore the rules its developers made for allowable behaviors. These prompt injection attacks are so worrisome because as of 2026, AI security researchers had not yet found a foolproof way to disarm them.

prompts: (in artificial intelligence) The requests that a user makes, telling an artificial-intelligence model specifically what it wants the bot to do. For instance, the prompt might be: Rewrite the Night Before Christmas poem as a rapper might perform it. Or: Create a video of a black cat wearing a beret driving a red MG Cyberster convertible down a street in London at night with Big Ben in the background showing the time as 11:15 p.m. The more specific the prompt, the more likely the AI creation will satisfy the user.

software: The mathematical instructions that direct a computer’s hardware, including its processor, to perform certain operations.

Science Talent Search: An annual competition created and run by Society for Science. Begun in 1942, this event brings 40 research-oriented high school seniors to Washington, D.C. each year to showcase their research to the public and to compete for awards. Since spring 2016, this competition has been sponsored by Regeneron Pharmaceuticals.

Society for Science: A nonprofit organization created in 1921 and based in Washington, D.C. Since its founding, the Society has been promoting not only public engagement in scientific research but also the public understanding of science. It created and continues to run two renowned high-school science competitions: the Regeneron Science Talent Search (begun in 1942) and the Regeneron International Science and Engineering Fair (created in 1950). A third, middle-school competition, launched in 2010, has since 2023 been known as the Thermo Fisher Scientific Junior Innovators Challenge. The Society also publishes award-winning journalism: in Science News (launched in 1922) and Science News Explores (created in 2003).

system: A network of parts that together work to achieve some function. For instance, the blood, vessels and heart are primary components of the human body's circulatory system. Similarly, trains, platforms, tracks, roadway signals and overpasses are among the potential components of a nation's railway system. System can even be applied to the processes or ideas that are part of some method or ordered set of procedures for getting a task done.

About Maria Temming

Maria Temming is the Assistant Managing Editor at Science News Explores. She has bachelor's degrees in physics and English, and a master's in science writing.

More Stories from Science News Explores on Artificial Intelligence

  1. Artificial Intelligence

    Sneaky: AI auto-complete may be shaping our views

    By Sujata Gupta
  2. Artificial Intelligence

    At least half of U.S. teens use chatbots for homework and more

    By Kathryn Hulick
  3. Artificial Intelligence

    Bots have their own social network, and it’s worrying experts

    By Kathryn Hulick
  4. Animals

    Lions have a second roar that scientists have only just discovered

    By Elie Dolgin
  5. Artificial Intelligence

    Chatbots may make learning feel easy — but it’s shallow

    By Payal Dhar
  6. Artificial Intelligence

    AI can now write working genetic instruction books from scratch

    By Erin Garcia de Jesús
  7. Science & Society

    This game designer shares neurodivergent experiences through gaming 

    By Aaron Tremper
  8. Artificial Intelligence

    5 things to remember when talking to a chatbot

    By Kathryn Hulick