Prompt Injection Via Road Signs

This report describes CHAI — a prompt-injection attack technique that hides deceptive natural-language instructions in visual inputs (e.g., road signs) to hijack embodied AI systems using large visual-language models; the authors evaluate it across drone emergency landing, autonomous driving, aerial tracking, and a real robotic vehicle, finding CHAI outperforms existing attacks and urging defenses beyond traditional adversarial robustness.