Mend.io has launched System Prompt Hardening within Mend AI to detect, score, and automatically remediate weaknesses in AI system prompts. Hidden instructions in system prompts have emerged as a growing security concern that traditional AppSec tools do not fully address.
System Prompt Hardening provides instant visibility into these behind-the-scenes instructions, identifies weaknesses, and automatically strengthens prompt logic to reduce risk before applications reach production. Powered by Mend.io’s proprietary AI Weakness Enumeration (AIWE), a framework modeled on the Common Weakness Scoring System (CWSS), it assigns a severity score from 1 to 100 to vulnerabilities that could expose applications to prompt injection or unintended data leakage.
According to Gartner, 32% of organizations reported experiencing an attack on AI applications that leveraged the application prompt within the past year, underscoring how quickly the instruction layer has become a viable attack surface. Yet, until now, organizations have lacked a formal way to identify, quantify and prioritize system prompt vulnerabilities. Mend.io’s System Prompt Hardening moves the industry beyond manual red-teaming and ad hoc testing approaches to a standardized framework for managing AI security.
“System prompts are the behavioral blueprint for AI applications, but security standards haven’t kept pace with their growing importance,” said Rami Sass, GM of Mend AI. “While security and development teams have established frameworks like CWE and CWSS to evaluate software risk, we are now introducing System Prompt Hardening and AIWE as the first formal methods to assess and enhance these instructions.”
Mend.io’s System Prompt Hardening and AIWE represent a paradigm shift in how organizations govern AI risk. Key capabilities include:
- Automated detection and contextual labeling: Actionable context for security and development teams through continuous identification of hidden system prompts automatically classified by their function and potential attack vectors;
- Formal severity scoring: A proprietary one-to-100 severity scale that objectively quantifies the risk of specific prompt vulnerabilities and prioritizes remediation based on measurable impact; and
- Remediation – proactive system prompt hardening: Beyond simple detection, the platform automatically suggests refinements to prompt logic to neutralize threats such as prompt injection before they reach applications in production
“As organizations accelerate AI adoption across their application portfolios, system prompts increasingly represent a material attack surface for injection and manipulation risks, yet many teams lack consistent mechanisms to inventory and assess them. Treating system prompts as governed artifacts rather than ad hoc instructions reflects a maturing approach to AI security,” said Katie Norton, Research Manager for DevSecOps and Software Supply Chain Security at IDC.
“Mend.io’s approach integrates security for the AI instruction layer into the development workflow, enabling earlier identification and mitigation of gaps in the foundational behavioral and constraint controls guiding AI systems,” Norton continued.
System Prompt Hardening and AIWE are available in Mend AI Core and Mend AI Premium, extending the unified platform to secure AI-generated code and embedded AI components, drive risk reduction through AI-powered remediation, automate compliance, and provide enterprise-scale visibility into application risk across the development lifecycle.
