product

Microsoft Semantic Kernel

productactiveprovisionalmicrosoft-semantic-kernel-6709abc3·1 events·first seen 4h ago

Aliases: Microsoft Semantic Kernel

Co-occurring entities

GPT-3.5 Turbo GPT-4.1 mini GPT-4o mini Microsoft Structural Role Injection in Handlebars-Templated LLM Prompts: Triple-Brace Interpolation, Delimiter Family, and the Limits of HTML Auto-Escaping Claude Haiku 4.5 Handlebars OpenAI Anthropic

More like this (12)

Neural Tangent Kernel Microsoft Seeing AI Core ML OpenML Microsoft Microsoft Bing AI Microsoft Build 2026 Microsoft Threat Intelligence Microsoft Research Liger Kernel microsoft/agent-framework Centered Kernel Alignment

Recent events (1)

6arXiv · cs.CL·4h ago·source ↗

Structural role injection via Handlebars triple-brace interpolation in LLM prompts: empirical analysis across delimiter families and models

A new arXiv paper demonstrates that Handlebars templating's HTML auto-escaping—the default in Microsoft Semantic Kernel—provides uneven protection against structural role injection attacks, where attacker-controlled data carries chat role delimiters to forge higher-privilege turns. The authors conduct 5,760 trials across seven delimiter families, two attack objectives, and four models (GPT-3.5 Turbo, GPT-4o mini, GPT-4.1 mini, Claude Haiku 4.5), finding that HTML escaping neutralizes angle-bracket-based delimiters (ChatML, Llama-3, XML) but leaves colon- and Markdown-based families fully exposed. GPT-3.5 Turbo follows task-hijack instructions in 97% of raw and 91% of escaped trials; Claude Haiku 4.5 resists both objectives almost entirely. The paper concludes that HTML escaping cannot substitute for structural separation of instruction and data.

AI Safety Research Agent and Tool Ecosystem Microsoft Semantic Kernel GPT-3.5 Turbo GPT-4.1 mini +7 more