Microsoft Azure AI Introduces ‘Prompt Shields’ to Counteract LLM Manipulation

  • Microsoft introduces “Prompt Shields” to enhance security in Azure OpenAI Service and Azure AI Content Safety platforms.
  • Prompt Shields defends against direct attacks (jailbreak) and indirect attacks (embedded harmful directives).
  • Utilizes advanced machine learning and natural language processing for swift threat detection and neutralization.
  • Introduces the “Spotlighting” technique to distinguish between genuine instructions and malicious commands.
  • Prompt Shields are available in public preview for Azure AI Content Safety, and integration into Azure OpenAI Service is planned for April 1st.
  • Further integration into Azure AI Studio is anticipated in the future.

Main AI News:

In a move to bolster security within its Azure OpenAI Service and Azure AI Content Safety platforms, Microsoft has unveiled a significant enhancement named “Prompt Shields.” This innovative feature is poised to provide formidable defense mechanisms against the ever-evolving landscape of attacks aimed at large language models (LLMs).

Prompt Shields serves as a shield against two primary categories of attacks:

  • Direct Attacks: These attacks, commonly referred to as jailbreak attacks, explicitly command the LLM to bypass safety protocols or execute malicious actions.
  • Indirect Attacks: These subtle assaults involve embedding harmful directives within the apparently innocuous text, with the intention of deceiving the LLM into performing undesirable actions.

Integrated seamlessly with Azure OpenAI Service content filters and accessible through Azure AI Content Safety, Prompt Shields leverages advanced machine learning algorithms and natural language processing capabilities. This enables it to swiftly detect and neutralize potential threats present in user prompts and external data sources.

Introducing Spotlighting: A Revolutionary Defense Strategy

Microsoft has also unveiled “Spotlighting,” an innovative prompt engineering technique tailored to counter indirect attacks. By employing methods like delimiting and datamarking, Spotlighting empowers LLMs to discern with clarity between genuine instructions and concealed malicious commands.

Availability and Future Plans

Currently available for public preview as a component of Azure AI Content Safety, Prompt Shields is slated to become accessible within the Azure OpenAI Service on April 1st. Furthermore, Microsoft aims to integrate Prompt Shields seamlessly into Azure AI Studio in the near future.


Microsoft’s unveiling of “Prompt Shields” signifies a proactive step towards fortifying the security infrastructure of its Azure AI ecosystem. By addressing both direct and indirect attacks on large language models (LLMs), Microsoft aims to instill confidence among users regarding the safety and reliability of their AI services. This strategic move underscores Microsoft’s commitment to staying ahead in the rapidly evolving landscape of AI security, potentially setting a benchmark for other players in the market to follow suit.