CITATION — REFERENCE ENTRY

Context Poisoning — Confident AI

Revision 2a0f1c4e-be49-49a6-8f4f-e22cc786e88e · 5/23/2026, 7:09:03 PM UTC

Key: deepteam-context-poisoning
Authors: DeepTeam by Confident AI
Type: webpage
Publisher: Confident AI
URL: https://www.trydeepteam.com/docs/red-teaming-agentic-attacks-context-poisoning

Raw CSL JSON

{
  "URL": "https://www.trydeepteam.com/docs/red-teaming-agentic-attacks-context-poisoning",
  "type": "webpage",
  "title": "Context Poisoning",
  "author": [
    {
      "literal": "DeepTeam by Confident AI"
    }
  ],
  "accessed": {
    "date-parts": [
      [
        2026,
        5,
        23
      ]
    ]
  },
  "language": "en",
  "publisher": "Confident AI"
}

Claims

deepteam-vs-prompt-injection

DeepTeam distinguishes context poisoning from direct prompt injection by noting that context poisoning does not issue instructions, but instead reframes the operational reality in which the request is answered by injecting false background context that appears as pre-existing memory, environmental state, policy precedent, or historical assumptions.

"Unlike direct prompt injection, Context Poisoning does not issue instructions. Instead, it reframes the operational reality in which the request is answered."

Quote language: en

Available in

en - English