Potential Prompt Injection Attack in Body HTML

Detects messages containing references to major AI tools (like Gemini, Copilot, ChatGPT, or Claude) in non-standard HTML elements.

Sublime rule (View on GitHub)

 1name: "Potential Prompt Injection Attack in Body HTML"
 2description: "Detects messages containing references to major AI tools (like Gemini, Copilot, ChatGPT, or Claude) in non-standard HTML elements."
 3type: "rule"
 4severity: "high"
 5source: |
 6  type.inbound
 7  and length(filter(html.xpath(body.html,
 8                               "//*[local-name() = 'admin']"
 9                    ).nodes,
10                    length(.display_text) > 0
11                    and strings.ilike(.display_text,
12                                      '*gemini*',
13                                      '*copilot*',
14                                      '*chatgpt*',
15                                      '*claude*'
16                    )
17             )
18  ) > 0
19  
20  // negate highly trusted sender domains unless they fail DMARC authentication
21  and (
22    (
23      sender.email.domain.root_domain in $high_trust_sender_root_domains
24      and not headers.auth_summary.dmarc.pass
25    )
26    or sender.email.domain.root_domain not in $high_trust_sender_root_domains
27  )  
28
29attack_types:
30  - "Callback Phishing"
31  - "Credential Phishing"
32  - "Extortion"
33  - "Malware/Ransomware"
34  - "Spam"
35  - "BEC/Fraud"
36tactics_and_techniques:
37  - "Evasion"
38  - "Social engineering"
39detection_methods:
40  - "Header analysis"
41  - "HTML analysis"
42  - "Content analysis"
43id: "5fb24736-df8a-5a3a-84da-a2d5560d73d1"
to-top