Brazil labor court AI detects hidden prompt injection in legal petition
The AI tool Galileu, used by Brazil's labor courts, identified a hidden prompt injection in a legal petition designed to manipulate the AI's analysis. The system alerted the judge and blocked the malicious instructions, preventing the manipulation of the judicial process.
The content guided the system to contest the petition superficially and not challenge the documents, regardless of the command it received.
Key facts
- What
- The AI tool Galileu, used by Brazil's labor courts, identified a hidden prompt injection in a legal petition designed to manipulate the AI's analysis.
- Incident date
- May 12, 2026
- Who
- Tribunal Regional do Trabalho da 4ª Região (TRT4)
- Failure mode
- Prompt Injection
- AI surface
- Search / RAG
- Severity
- Low
What happened
In May 2026, the AI tool Galileu detected hidden instructions embedded in an initial petition filed in the 3rd Labor Court of Parauapebas. The hidden text instructed the AI to analyze the petition superficially and avoid challenging the provided documents. The system flagged the attempt and alerted the presiding judge, who subsequently sanctioned the lawyers involved.
What broke inside the model
- 01 · TriggerThe model reads retrieved or user-supplied text.
- 02 · Model stepThat text carries hidden instructions.
- 03 · Control gapNothing separates untrusted data from trusted commands.
- 04 · FailureThe injected instruction overrides the operator's.
- 05 · ConsequenceThe system acts on an outsider's intent.
At the injection point, retrieved text overrides the operator's instruction.
The attack utilized an indirect prompt injection where malicious instructions were hidden from human view using white-on-white text. This technique attempted to hijack the LLM's processing logic to ignore standard analysis protocols in favor of the injected commands.
What it cost
Sources
- PrimaryGalileu: Sistema identifica tentativa de manipulação em petição e alerta magistrado (Galileu: System identifies attempted manipulation in petition and alerts judge)trt4.jus.br
- PressIncident 1497: Hidden Prompt Injection in Brazilian Labor-Court Petition Reportedly Tried to Manipulate Galileuincidentdatabase.ai
- PressPrompt Injection: The Hidden AI Risk Lawyers Can’t Afford to Ignoregmlaw.com
Cite this entry
https://failureindex.ai/failures/brazil-labor-detects-hidden-prompt-injectionAI Failure Index. "Brazil labor court AI detects hidden prompt injection in legal petition" (FI-0578). Realm Labs. https://failureindex.ai/failures/brazil-labor-detects-hidden-prompt-injection (indexed Jun 16, 2026).Data fields CC-BY 4.0, prose citation permitted. Incident ID FI-0578. Full dataset at /data.
Note from Realm Labs, the Index steward
How Realm would have caught this
- Prism
- OmniGuard
Realm inspects the model's internal state for the signature of instructions arriving through the data channel, so an injected command can be flagged and blocked inline before the model acts on it, instead of trusting a classifier that scores the input as safe.