Researchers have discovered a way to bypass AI guardrails, which are designed to prevent harmful outputs, by using specific strings like “=coffee” in prompts. This technique, called EchoGram, enables direct prompt injection attacks, allowing users to manipulate AI models into generating undesirable content. The researchers, from HiddenLayer, found that by appending certain strings to prompt injection attacks, they could evade the guardrails that would otherwise block them. This method is similar to prompt injection, where untrusted user input is concatenated with a trusted prompt. However, EchoGram specifically targets the guardrails themselves, which are often machine learning models protecting other LLMs. The attack involves creating or acquiring a wordlist of benign and malicious terms, then scoring sequences to identify when the guardrail model’s decision changes. This process results in a token or set of tokens that, when added to a prompt injection, can bypass the guardrails. For instance, the string “oz” or “=coffee” can make prompt injection attempts appear safe to models like OpenAI’s GPT-4o and Qwen3Guard 0.6B. This finding highlights a potential vulnerability in AI guardrails, which are crucial for maintaining the security of AI systems. It also raises concerns about the effectiveness of current guardrail mechanisms, which rely on curated datasets and machine learning models to distinguish between safe and harmful prompts.