The Hague, The Netherlands, October 28th 2025 - Dutch cybersecurity company Eye Security has turned one of AI’s most discussed vulnerability into a defense mechanism. The company’s research team developed Prompt Injection for Good, a creative new concept to use prompt injection (a technique normally used by attackers), to protect sensitive data from leaving corporate environments.
Generative AI tools such as ChatGPT, Copilot and DeepSeek have transformed how organisations work, helping teams write, analyse and automate tasks faster than ever before. But this rapid adoption also exposes companies to Shadow AI, the unapproved use of AI tools where sensitive data can end up outside company control.
Turning AI’s weakness into a strength
Prompt injection is typically used to manipulate AI models. Earlier this year, Eye Security’s Chief Hacker Vaisha Bernard demonstrated how the same technique could be used to escape Copilot’s AI sandbox and gain elevated privileges. This inspired the team to explore how prompt injection could be flipped into a defensive capability.
The approach embeds short, hidden instructions in corporate files or emails. When those files are uploaded into AI tools such as ChatGP, Copilot or DeepSeek, the AI automatically displays a clear message such as:
“This document contains sensitive corporate data. Please be aware of the risks of sharing it with untrusted third parties.”
This concept turns a known AI vulnerability into a form of real time awareness. It helps employees recognise potential data exposure the moment it happens, instead of long after.
“We believe that innovation and security can go hand in hand,” said Piet Kerkhofs, CTO at Eye Security. “With Prompt Injection for Good, Eye Security is giving organisations a practical way to explore AI safely, protecting data without slowing people down.”
From risk to readiness
Shadow AI is not born from negligence but from curiosity. Employees reach for tools that make their work easier, even if those tools are outside corporate governance. Prompt Injection for Good accepts that reality. It raises awareness rather than blocking progress, helping employees make safer choices without adding friction.
Eye Security’s research team tested the approach across platforms such as Microsoft 365 (Office and Email), Google (Docs and Gmail) and Confluence, embedding defensive prompts into file headers, exports and email signatures. The tests showed that several large language models can respond predictably to these embedded warnings, an early proof that AI can be guided to protect, not just to serve.
💻 Organisations can try the concept themselves using the interactive generator on the Eye Security website, which lets them create a defensive prompt and see how it behaves in their own documents.
A holistic approach to safer AI adoption
Prompt Injection for Good is one of several free tools developed by Eye Security to help European organisations manage digital risk more effectively. Other free resources include:
- EAST, a phishing protection tool that helps end-users recognise suspicious Microsoft 365 login pages.
- ClickFix Block, a free browser extension that prevents successful social engineering attacks (fake CAPTCHA).
Staying ahead of the next threat
AI is reshaping the cybersecurity landscape, but attackers are evolving just as quickly. Tools such as Prompt Injection for Good, EAST and ClickFix add valuable layers of awareness and control. True resilience depends on constant visibility and rapid response. Eye Security provides this through 24/7 Managed Detection and Response (MDR), supported by threat intelligence and cyber insurance. Together, these capabilities help organisations detect, contain and recover from attacks quickly and confidently.
About Eye Security
Eye Security is a European cybersecurity company protecting organisations with continuous threat monitoring, incident response and cyber insurance. The company’s research team performs proactive scans and threat intelligence operations across Europe to defend customers and their supply chains.
Learn more at eye.security and follow Eye Security on LinkedIn.
