The USA and China are waging a covert battle over chatbot control – not through classical hacking, but through prompt-injection attacks. According to reporting by the Washington Post and Anthropic, both countries are systematically trying to force large language models to reveal their internal instructions and training data. It is an arms race for AI security that is just gaining momentum.
The essentials
- Prompt-injection is a new attack vector: Users attempt to break AI models out of their security guidelines through cleverly formulated inputs
- USA and China are both running systematic campaigns to test adversarial and domestic AI systems for vulnerabilities
- The attacks aim to expose system prompts, training data, and proprietary information
- This is a new arms race: While classical cybersecurity operates at the network level, this battle takes place at the AI-prompt level
How the attacks work
Prompt-injection is conceptually simple but insidious: An attacker formulates an input so that the AI model ignores its own security guidelines. Instead of helping the user, the model should then reveal internal instructions – such as how it was trained or what data it contains. The Washington Post demonstrates that such attacks are not merely theoretical but are already being conducted at scale by state actors.
The treacherous part: No malware is needed, no server access required. A simple text is sufficient. This makes this attack vector extremely attractive for intelligence agencies and militaries – and extremely dangerous for AI providers.
The strategic backdrop
Whoever knows the vulnerabilities in adversarial AI systems gains an advantage. Simultaneously, nations must harden their own models. This leads to a classic arms spiral: USA and China test each other's systems, improve their defenses, the other adapts – and so on.
The implications are substantial: AI models become strategic assets like nuclear power plants or aircraft carriers. Whoever controls or compromises them gains an informational edge. This explains why both superpowers are investing massively here.
What this means for German companies
German firms developing or deploying AI systems should understand: Prompt-injection is not science fiction but a present threat. Companies working with sensitive data – financial sector, industry, healthcare – must test their models for robustness. The question is not if, but when such attacks will be deliberately deployed against German systems. A defensive mindset is now required: What information could my model accidentally disclose? How do I test for this? Who bears responsibility? These questions belong in every AI governance plan.
Sources
Editorially owned by Ideal Syka. Sources and method: Newsroom & method. Tips and corrections: ai@i6eal.de.




