Skip to content

tracebit-com/context-bombs

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
 
 
 
 
 
 

Repository files navigation

Context Bombs

context_bomb

Strings that can stop AI attackers by tripping their safety guardrails.

When used as the content of canary resources in your environment, context bombs can both detect (raising an alert) and stop an offensive AI agent.
Effectiveness of those strings can vary by model provider: dangerous biological content stops the leading Western models, while politically sensitive content stops Chinese models served by Chinese providers.

How we tested context bombs

Strings in this repo have been tested against five frontier models performing a red team engagement in a realistic AWS environment.
Deploying a single context bomb inside the environment (as an AWS secret) had a huge impact on stopping offensive AI agents. For instance, admin privilege escalation went from 57% of runs to 5%.

Models tested:

Model Provider
Claude Opus 4.8 Anthropic
Gemini 3.1 Pro Google
GLM 5.2 GMI Cloud
DeepSeek 4 Pro DeepSeek
Kimi K2.6 Novita AI

Why this matters

Context bombs are a form of active defense that pairs deception (canaries) with disruption (guardrail-tripping content). They turn an attacker's own guardrails into your kill switch.


Full research: https://agentic.tracebit.com/context-bombs

Releases

No releases published

Contributors