Prompt injection in government and social services AI

Four adversarial injection surfaces in government and social services AI

1. Benefits eligibility document AI injection (Maximus AI, Tyler Technologies AI, Conduent AI)

Benefits eligibility determination AI processes scanned images of income verification documents — including pay stub photographs, employer wage statement scans, bank statement photograph submissions, tax return document images, self-employment income declaration scans, and asset disclosure form images — through AI-assisted eligibility workflows that determine whether an applicant’s household income and assets fall within the programme eligibility thresholds for Medicaid, SNAP, TANF, and WIC at federal and state levels. Maximus’ AI eligibility determination platform, which administers benefits programmes across more than 30 states under contracts worth over $5 billion, processes applicant document submissions through AI-assisted income extraction, asset verification, and household composition determination tools that generate eligibility recommendations forwarded to caseworkers or, in automated determination systems, directly triggering eligibility approvals without individual caseworker review. Tyler Technologies’ CBOSS AI platform processes benefits eligibility document submissions for state and county human services agencies, integrating AI-assisted income and asset extraction from scanned documents with government case management workflows that track ongoing eligibility recertification, overpayment recovery, and programme compliance for enrolled beneficiaries. Conduent’s AI government services platform processes over 1.2 billion government transactions annually including Medicaid managed care eligibility verifications, EBT benefit balance management transactions, and SNAP eligibility certification record maintenance for state agencies, with AI-assisted document processing workflows that extract eligibility-relevant data from the full range of applicant verification document types submitted through state benefits portals.

The income verification document scan submission pathway is the adversarial injection surface: applicants and household members submit pay stub photographs, bank statement scans, employer letter images, and asset disclosure form photographs through Maximus AI, Tyler Technologies CBOSS AI, and Conduent AI state benefits portal interfaces for AI extraction of income values, asset totals, and household composition data used in eligibility determination. An adversarially crafted income document scan — in which pixel perturbations applied to a pay stub photograph cause Maximus AI to extract a monthly gross income value below the SNAP gross income limit (130% of the federal poverty level, equivalent to $1,580/month for a single-person household in 2026) when the actual pay stub documents monthly gross income that exceeds the SNAP eligibility threshold — can result in a SNAP eligibility determination approving benefits for a household that is in fact above the programme income limit. The same adversarial mechanism applies to Medicaid Modified Adjusted Gross Income (MAGI) eligibility thresholds, TANF income eligibility ceilings set by individual state welfare plans, and WIC income limits (185% of the federal poverty level). The adversarial suppression motivation in benefits eligibility AI is economic: a SNAP household benefit for a family of four averages approximately $800 per month in 2026, a Medicaid enrollment provides health insurance coverage with per-member per-month managed care payments of $400–$800, and TANF cash assistance provides $200–$700 per month depending on state programme design — each creating a meaningful financial incentive for applicants with knowledge of adversarial image manipulation to attempt document-based benefits fraud through the AI document processing pipeline.

SNAP 7 USC §2015 (eligibility requirements and disqualification provisions) and the SNAP Intentional Program Violation (IPV) sanctions framework impose significant consequences for benefits fraud through false statements to the programme: a first SNAP IPV finding results in a 12-month disqualification from SNAP benefits, a second IPV finding results in a 24-month disqualification, and a third IPV finding results in permanent disqualification from SNAP. For Medicaid, 42 USC §1396 (Title XIX of the Social Security Act) and the Medicaid false statements provision at 42 USC §1320a-7b impose criminal penalties of up to $10,000 per false statement and up to 5 years imprisonment for knowingly making false statements to obtain Medicaid benefits. The False Claims Act (31 USC §3729) applies to both direct fraud against federal benefits programmes and to the state agencies and contractors (including Maximus, Tyler Technologies, and Conduent) that administer those programmes: a qui tam relator who identifies that an AI-assisted benefits determination platform was systematically approving ineligible applicants because adversarially manipulated document images were not being scanned for pixel-level manipulation can file a False Claims Act complaint seeking treble damages and civil penalties of $13,946–$27,894 per false claim (2026 FCA penalty schedule). State Medicaid fraud control units (MFCUs), funded under 42 USC §1396b(a)(6), have jurisdiction to investigate and prosecute Medicaid fraud including benefits obtained through AI document manipulation, and state prosecutors have additionally charged AI-assisted benefits fraud under state false statements, welfare fraud, and computer fraud statutes. Threshold: 50–55 for benefits eligibility document AI (SNAP 7 USC §2015, Medicaid 42 USC §1396, TANF 42 USC §601, False Claims Act 31 USC §3729, federal SNAP IPV sanctions, state MFCU referral).

2. Child welfare assessment and home visit AI injection (Tyler Technologies CASES AI, IBM Watson Child Welfare AI, Deloitte AI child services)

Child welfare case management AI processes photographs and images collected during home visit assessments — including site photographs of living conditions, hazard documentation images showing exposed wiring, mold growth, or structural deficiencies, food storage adequacy photographs, sleeping arrangement images, and physical space safety observation photographs — through AI-assisted child protection assessment platforms that inform child protection investigators, foster care licensing workers, and family reunification coordinators in their determination of whether a child’s home environment meets the safety and adequacy standards required for the child to remain in or be returned to parental custody. Tyler Technologies’ CASES AI platform — deployed at child welfare agencies in counties and states across the US — processes home visit assessment images and case documentation photographs through AI-assisted child protection case management tools that generate structured safety assessment outputs integrated with caseworker investigation reports, court filings, and permanency planning documents. IBM Watson Child Welfare AI processes case assessment images, home visit photographs, and risk indicator documentation for state and county child welfare agencies, using AI-assisted risk scoring and safety assessment tools that aggregate multimodal case evidence into structured risk and safety assessment outputs that inform supervisory review and court reporting. Deloitte AI child services practice provides AI-assisted child welfare case management systems to state and county child protective services agencies, incorporating AI image assessment tools that process home visit photographs and living condition evidence images as part of integrated child welfare information systems (CWIS) that feed into court reporting, permanency planning, and performance measurement systems required under federal Title IV-E programme oversight.

The home visit site photograph and living condition assessment image submission pathway is the adversarial injection surface: home visit caseworkers, foster care licensing investigators, and family reunification assessment workers submit photographs of the home environment — living areas, sleeping spaces, kitchen food storage areas, bathroom facilities, exterior property conditions, and identified hazard areas — through Tyler Technologies CASES AI, IBM Watson Child Welfare AI, and Deloitte AI child services platforms for AI assessment of whether the home meets the safety and adequacy standards for child placement. An adversarially crafted home visit photograph — in which pixel perturbations are applied to a photograph showing exposed electrical wiring in a child’s bedroom, black mold growth on bedroom walls, inadequate food storage with visible pest evidence, or physical discipline marks visible in a living area image — can cause Tyler Technologies CASES AI or IBM Watson Child Welfare AI to classify the home environment as meeting the applicable safety standards for child placement when the actual photograph documents a condition that would require the caseworker to initiate a corrective action order, delay foster care approval, or trigger an emergency removal determination. The adversarial suppression motivation in child welfare AI is custodial: parents subject to child protective services investigation, foster care applicants under home licensing review, and family reunification programme participants all have a direct interest in home environment AI assessments that classify their living conditions as safe — and the home visit photograph submission pathway in modern AI-assisted child welfare platforms creates an access point for adversarial image manipulation if the platform does not implement pre-scan integrity verification at the photograph ingestion boundary.

Title IV-E (42 USC §670 et seq., Fostering Connections to Success Act, Family First Prevention Services Act) establishes the federal framework for foster care and adoption assistance, and the Title IV-E requirements for child safety, permanency, and well-being provide the legal backdrop for child welfare home assessment AI determinations: a foster care placement decision or family reunification determination made on the basis of an adversarially manipulated home environment AI assessment that misclassifies an unsafe home as safe creates direct exposure under the due process protections applicable to children in state custody (Youngberg v. Romeo, 457 US 307; DeShaney v. Winnebago County, 489 US 189) and the constitutionally required procedural safeguards in removal and reunification proceedings. The Child Abuse Prevention and Treatment Act (CAPTA, 42 USC §5101 et seq.) requires states receiving CAPTA formula grants to maintain child abuse and neglect investigation standards and to conduct thorough investigations of child abuse and neglect reports — an adversarially manipulated home visit AI that suppresses visible child hazard evidence in the AI-assisted investigation report generates a CAPTA compliance failure that can trigger federal child welfare audit findings and CAPTA grant conditions. The Indian Child Welfare Act (ICWA, 25 USC §1901 et seq.) imposes additional procedural requirements for removal and placement determinations involving children who are members of or eligible for membership in Indian tribes, and ICWA compliance requires that placement decisions be based on accurate assessments of the home environment — an adversarially manipulated home visit AI assessment that misclassifies a home as safe for ICWA-protected child placement creates both federal ICWA compliance exposure and tribal sovereignty concerns that attract additional federal oversight from the Bureau of Indian Affairs and tribal social services agencies. State child welfare statutes imposing mandatory reporting obligations on home visit caseworkers, supervisors, and AI system administrators provide independent criminal exposure for knowing falsification or concealment of child safety evidence in AI-assisted investigation records. Threshold: 50 for child welfare assessment AI (Title IV-E 42 USC §670, CAPTA 42 USC §5101, ICWA 25 USC §1901, state mandatory reporting, due process in removal proceedings).

3. Social Security disability claim medical evidence AI injection (SSA AI, IBM Watson SSA, Maximus DDS AI)

Social Security disability determination AI processes medical evidence document images — including physician report document scans, Residual Functional Capacity (RFC) assessment form photographs, treatment record page images, functional capacity evaluation report scans, psychological assessment report photographs, and medical imaging study report page images — through AI-assisted disability determination workflows at SSA Disability Determination Services (DDS) offices across all 50 states and the District of Columbia to assess whether a claimant meets the Social Security Administration’s disability standards for SSDI (Social Security Disability Insurance, 42 USC §423) or SSI (Supplemental Security Income, 42 USC §1382) benefits. IBM Watson SSA AI processes medical evidence document images and structured medical record data for SSA DDS operations, using AI-assisted medical evidence review and RFC assessment tools that generate structured functional limitation findings used by DDS adjudicators in the five-step sequential evaluation process (20 CFR §404.1520 for SSDI, 20 CFR §416.920 for SSI). Maximus’ DDS AI platform provides AI-assisted disability determination processing for state DDS agencies under SSA contracts, processing medical evidence document scans and physician report photographs through AI-assisted RFC extraction and medical evidence summary tools that generate structured functional capacity findings integrated with the SSA’s electronic claims processing system. Microsoft Azure Government AI and Salesforce Public Sector AI provide cloud infrastructure and workflow management for SSA and state DDS AI-assisted disability determination operations, processing millions of medical evidence document images annually through FedRAMP-authorised government cloud environments with AI document processing workflows integrated with SSA electronic claims systems.

The medical evidence document scan and physician report photograph submission pathway is the adversarial injection surface: disability claimants, their representatives (attorneys, non-attorney representatives, advocacy organisations), and treating physicians submit RFC assessment form scans, physician narrative report photographs, functional capacity evaluation document images, and treatment record page scans through SSA’s evidence submission portals (including the SSA Evidence Portal and state DDS electronic submission systems) for AI medical evidence review and functional capacity extraction. An adversarially crafted RFC assessment form scan — in which pixel perturbations are applied to the physician-completed RFC form in the section documenting the claimant’s maximum sustained work capacity, causing Maximus DDS AI to extract a sedentary or less-than-sedentary functional capacity classification from the form when the physician actually documented a light or medium work capacity — can result in a disability determination that finds the claimant disabled under the SSA Medical-Vocational Guidelines (the “Grid Rules” at 20 CFR Part 404, Subpart P, Appendix 2) when the claimant would in fact be denied under the Grid Rules based on the physician’s actual RFC assessment. The adversarial RFC manipulation mechanism exploits the SSA five-step sequential evaluation: at Step 4 (can the claimant perform past relevant work?) and Step 5 (can the claimant perform any other work in the national economy?), the AI-extracted RFC functional capacity classification is determinative for claimants aged 50 and above under the Medical-Vocational Guidelines, making the RFC extraction step the highest-value adversarial manipulation point in the SSA disability determination AI pipeline. SSDI monthly benefit amounts average approximately $1,540 in 2026 (with 10-year benefit streams worth $180,000+ for claimants in their early 50s), creating a substantial financial incentive for adversarial RFC document manipulation by claimants or their representatives.

Social Security Act criminal fraud provisions at 42 USC §408 (Social Security fraud) impose criminal penalties of up to 5 years imprisonment and fines for knowingly making false statements to obtain Social Security benefits, including disability benefits obtained through falsified RFC assessment documents submitted to SSA or state DDS systems. The SSA Office of Inspector General (SSA OIG) investigates Social Security disability fraud, including fraud involving the submission of falsified or manipulated medical evidence, and refers cases to the Department of Justice for prosecution under 42 USC §408, 18 USC §1001 (false statements to federal agencies), and 18 USC §1341 (mail fraud) where medical evidence was submitted by postal mail. The False Claims Act (31 USC §3729) applies to SSA disability fraud when the false RFC assessment was submitted as part of a pattern of fraudulent claims — disability attorneys and non-attorney representatives who knowingly assist claimants in submitting adversarially manipulated RFC document scans face False Claims Act liability as “persons” who “knowingly present[] a false or fraudulent claim for payment or approval” to the federal government. SSA’s Program Operations Manual System (POMS) DI 22505 (Medical Evidence of Record) and DI 24510 (RFC Assessment) establish the operational standards for medical evidence processing in DDS disability determinations; an SSA DDS or contractor that discovers that its AI medical evidence processing system was generating RFC extractions from adversarially manipulated document images has both an operational obligation to audit prior determinations affected by the compromised AI pipeline and a programme integrity reporting obligation to SSA Central Office under the applicable SSA programme integrity requirements. 20 CFR Part 404 (SSDI regulations) and 20 CFR Part 416 (SSI regulations) additionally provide claimants the procedural right to reconsideration, ALJ hearing, and federal court review of unfavourable disability determinations — a DDS that cannot demonstrate the integrity of its AI medical evidence processing system faces adversarial litigation risk in ALJ and federal court proceedings where claimants contest denials that were generated by an AI pipeline subject to known adversarial manipulation vulnerabilities. Threshold: 50–55 for Social Security disability claim medical evidence AI (42 USC §423 SSDI, 42 USC §1382 SSI, 42 USC §408 criminal penalties, False Claims Act, SSA POMS DI 22505/24510).

4. HUD housing inspection and Section 8 voucher AI injection (HUD AI, Tyler Technologies housing AI, Conduent housing assistance AI)

HUD housing compliance inspection AI processes photographs submitted through AI-assisted Housing Quality Standards (HQS) inspection platforms — including heating system condition photographs, structural integrity images, plumbing fixture photographs, electrical system condition images, pest infestation evidence photographs, sanitation condition images, and overall unit habitability assessment photographs — to determine whether a residential unit meets the HUD Housing Quality Standards (HQS, 24 CFR Part 982, Subpart I) required for Section 8 Housing Choice Voucher Program rental assistance payments, the Low Income Housing Tax Credit (LIHTC) physical condition requirements for compliance with 26 USC §42, and the HUD public housing unit assessment standards for continued public housing authority (PHA) occupancy. Tyler Technologies’ housing AI platform processes housing inspection photographs for public housing authorities and state housing finance agencies using AI-assisted HQS compliance classification and inspection management tools integrated with Tyler Technologies’ government case management and housing assistance administration platforms. Conduent’s housing assistance AI processes housing programme transactions and inspection data for public housing authorities and state housing agencies, with AI-assisted inspection data management tools that process housing unit condition photographs and inspection report images for Section 8 voucher programme administration and compliance monitoring. Microsoft Azure Government AI and Salesforce Public Sector AI provide the cloud AI infrastructure for HUD-funded housing agencies and state housing authorities that use AI-assisted inspection management tools to process the volume of annual inspection photographs generated by Section 8 HQS inspection programmes — with approximately 2.3 million Section 8 voucher-assisted households in 2026, each requiring an annual HQS inspection, the inspection photograph processing volume creates a high-throughput AI document pipeline with significant adversarial surface area.

The housing inspection photograph submission pathway is the adversarial injection surface: HUD-approved inspection contractors, PHA-employed housing inspection officers, and third-party inspection management companies submit housing unit inspection photographs through AI-assisted HQS inspection platforms — including Tyler Technologies housing AI and Conduent housing assistance AI — for AI classification of whether the photographed unit condition meets HUD HQS in each of the 13 HQS inspection categories (sanitary facilities, food preparation and refuse disposal, space and security, thermal environment, illumination and electricity, structure and materials, interior air quality, water supply, lead-based paint, access, site and neighbourhood, sanitary conditions, smoke detectors). An adversarially crafted housing inspection photograph — in which pixel perturbations suppress a heating system failure photograph showing an inoperative boiler or non-functioning furnace in a winter-condition unit, structural damage evidence showing visible roof deck failure or ceiling collapse risk, plumbing deficiency image showing sewage backup or non-functioning toilet, or pest infestation photograph showing visible rodent evidence in food preparation areas — can cause HUD AI inspection platforms to classify the photographed unit as meeting HQS in the affected inspection category when the actual photograph documents a condition that constitutes a “fail” under the applicable HQS category standard and requires the landlord to make corrective repairs before Section 8 rental assistance can be paid to the landlord for that unit. The adversarial suppression motivation in housing inspection AI is rental income driven: Section 8 Housing Choice Voucher rental assistance payments average $1,100–$1,800 per month in major metropolitan areas in 2026, representing the full rent or the majority of rent for the unit — a landlord with a unit that has a heating failure, structural deficiency, or pest infestation that would cause an HQS inspection fail has a direct financial incentive to prevent the HQS fail finding, because the HQS fail suspends Section 8 rental assistance payments until the deficiency is corrected and re-inspected.

HUD Section 8 Housing Quality Standards at 24 CFR Part 982, Subpart I — and specifically 24 CFR §982.401 (HQS performance requirements) and 24 CFR §982.404 (owner and tenant responsibilities for HQS) — require that a Section 8 assisted unit meet HQS at the time of initial lease-up and throughout the assisted tenancy, and that a PHA terminate Housing Assistance Payments (HAP) contract for units that fail HQS and are not corrected within the applicable correction period. An adversarially manipulated HQS AI that classifies a failing unit as passing HQS continues Section 8 HAP payments to the landlord for a unit that does not meet the federal housing quality standards, creating a direct False Claims Act (31 USC §3729) exposure: Section 8 HAP contract payments made to a landlord based on a false HQS compliance certification — whether the falsification was produced by manual inspection fraud or by adversarial manipulation of the AI inspection platform — constitute false claims submitted to a federal programme, with FCA civil penalties of $13,946–$27,894 per false claim and treble damages on the value of the HAP payments made during the period of the false certification. The Fair Housing Act (42 USC §3604) provides additional exposure: HQS failures that are systematically suppressed by adversarially manipulated AI inspection tools in units occupied by protected class members (race, color, national origin, religion, sex, familial status, disability) can constitute Fair Housing Act violations through disparate treatment or disparate impact, creating HUD OIG investigation referral exposure and DOJ Fair Housing Act enforcement risk. LIHTC noncompliance reporting under IRS Form 8823 (26 USC §42) applies to LIHTC-financed units that fail physical condition requirements: an adversarially manipulated AI inspection that suppresses a LIHTC physical noncompliance finding prevents the required Form 8823 filing with the IRS and the state housing finance agency, creating tax credit recapture risk and IRS noncompliance exposure for the LIHTC partnership. HOTMA (Housing Opportunity Through Modernization Act) inspection reform provisions, which streamline HQS inspection procedures for Section 8, do not eliminate the underlying HQS habitability standards or the False Claims Act and Fair Housing Act exposure for units with suppressed HQS deficiencies. Threshold: 50 for HUD housing inspection and Section 8 voucher AI (24 CFR Part 982 HQS, Fair Housing Act 42 USC §3604, False Claims Act 31 USC §3729, LIHTC IRS Form 8823, HUD OIG fraud referral).

Integration: government and social services AI document ingestion with Glyphward pre-scan

Government and social services AI document image ingestion flows from citizen benefits portal document upload APIs and caseworker photograph submission interfaces, SSA evidence portal medical record scan endpoints, HUD and PHA housing inspection photograph management systems, and child welfare case management platform document submission portals into AI benefits eligibility determination, child welfare assessment, disability claim adjudication, and housing compliance classification pipelines. Insert Glyphward’s pre-scan at the ingestion boundary — in all government and social services AI contexts, where False Claims Act, SNAP IPV, Social Security fraud, and child welfare statutory consequences of adversarial document manipulation are categorically significant:

import asyncio
import base64
import hashlib
import os
import uuid
from enum import Enum
from pathlib import Path

import httpx

GLYPHWARD_API_KEY = os.environ["GLYPHWARD_API_KEY"]
GLYPHWARD_SCAN_URL = "https://glyphward.com/v1/scan"

# Government / social services AI — SNAP 7 USC §2015, Medicaid 42 USC §1396,
# TANF 42 USC §601, SSDI 42 USC §423, SSI 42 USC §1382, HUD 24 CFR Part 982,
# Title IV-E 42 USC §670, False Claims Act 31 USC §3729, 42 USC §408 SSA fraud.
# Threshold 52 — federal programme integrity and criminal consequences of false
# negatives (adversarial images passing pre-scan) exceed operational cost of
# false positives (human caseworker review of borderline document scans).
THRESHOLD_GOV_SOCIAL = 52


class GovSocialAIContext(str, Enum):
    BENEFITS_ELIGIBILITY = "benefits_eligibility"  # Maximus AI, Tyler CBOSS, Conduent
    CHILD_WELFARE        = "child_welfare"          # Tyler CASES AI, IBM Watson, Deloitte
    DISABILITY_CLAIM     = "disability_claim"       # SSA AI, IBM Watson SSA, Maximus DDS
    HOUSING_INSPECTION   = "housing_inspection"     # HUD AI, Tyler housing AI, Conduent


async def scan_government_document(
    image_path: str | Path,
    context: GovSocialAIContext,
    agency_id_hash: str,    # SHA-256 of agency FIPS code or programme identifier
    case_hash: str,         # SHA-256 of case number or claimant ID — never raw PII
    document_ref: str,      # e.g. "paystub_jan2026", "rfc_form_dr_jones", "hqs_unit_4b"
    client: httpx.AsyncClient,
) -> dict:
    """
    Scan a government or social services AI document image for adversarial
    injection payloads before forwarding to benefits eligibility AI,
    child welfare case management AI, SSA disability determination AI,
    or HUD housing inspection compliance AI.

    Raises AdversarialGovDocumentError if the Glyphward score meets or
    exceeds the government/social services threshold (52).
    """
    image_bytes = Path(image_path).read_bytes()
    image_b64 = base64.b64encode(image_bytes).decode()
    image_sha256 = hashlib.sha256(image_bytes).hexdigest()
    scan_id = str(uuid.uuid4())

    resp = await client.post(
        GLYPHWARD_SCAN_URL,
        headers={"Authorization": f"Bearer {GLYPHWARD_API_KEY}"},
        json={
            "image": image_b64,
            "source": context.value,
            "metadata": {
                "gov_context": context.value,
                "agency_id_hash": agency_id_hash,
                "case_hash": case_hash,
                "document_ref": document_ref,
                "client_scan_id": scan_id,
                "image_sha256": image_sha256,
            },
        },
        timeout=10.0,
    )
    resp.raise_for_status()
    result = resp.json()

    audit_record = {
        "agency_id_hash": agency_id_hash,
        "case_hash": case_hash,
        "document_ref": document_ref,
        "gov_context": context.value,
        "scan_id": result["scan_id"],
        "client_scan_id": scan_id,
        "image_sha256": image_sha256,
        "score": result["score"],
        "flagged_region": result.get("flagged_region"),
        "threshold": THRESHOLD_GOV_SOCIAL,
        "action": "blocked" if result["score"] >= THRESHOLD_GOV_SOCIAL else "allowed",
    }
    await write_gov_programme_integrity_record(audit_record)

    if result["score"] >= THRESHOLD_GOV_SOCIAL:
        raise AdversarialGovDocumentError(
            f"Government AI document blocked [{context.value}]: "
            f"scan_id={result['scan_id']} score={result['score']} "
            f"agency_hash={agency_id_hash} ref={document_ref}"
        )
    return result


async def write_gov_programme_integrity_record(record: dict) -> None:
    """Persist programme integrity audit record to agency records system (stub)."""
    import json, sys
    print(json.dumps(record), file=sys.stderr)


class AdversarialGovDocumentError(Exception):
    """Raised when a government AI document image exceeds the adversarial injection threshold."""
    pass

Call scan_government_document() with GovSocialAIContext.BENEFITS_ELIGIBILITY for all income verification document scans, bank statement photographs, proof-of-residency images, and asset disclosure form scans before Maximus AI, Tyler Technologies CBOSS AI, or Conduent AI SNAP, Medicaid, TANF, and WIC eligibility determination — this is the highest-volume integration point in the government AI pipeline because benefits eligibility document submissions are continuous across millions of active cases in recertification, redetermination, and initial application workflows. Call with GovSocialAIContext.CHILD_WELFARE for all home visit site photographs, living condition assessment images, and child safety observation photographs before Tyler Technologies CASES AI, IBM Watson Child Welfare AI, or Deloitte AI child services platforms — the child welfare integration is the highest-consequence integration point because adversarial suppression of visible child safety hazards in home visit photographs directly affects child safety determinations in custody, placement, and reunification proceedings. Call with GovSocialAIContext.DISABILITY_CLAIM for all RFC assessment form scans, physician report photographs, functional capacity evaluation document images, and treatment record page scans before SSA AI, IBM Watson SSA, or Maximus DDS AI medical evidence review — retain the scan_id and image_sha256 in the DDS case file as part of the medical evidence processing audit trail required under SSA POMS DI 22505. Call with GovSocialAIContext.HOUSING_INSPECTION for all housing unit condition photographs, heating system images, structural condition photographs, and habitability assessment images before HUD AI, Tyler Technologies housing AI, or Conduent housing assistance AI HQS classification — the Glyphward audit record should be retained as part of the PHA’s Section 8 programme administration records for the HAP contract audit trail under 24 CFR §982.158 (PHA records). The agency_id_hash and case_hash fields must always be SHA-256 hashes of agency and case identifiers — never raw PII or case numbers — to maintain HIPAA and Privacy Act compliance in the Glyphward audit log. Get early access

Coverage matrix

Frequently asked questions

Further reading

• Indirect prompt injection via image — foundational attack pattern underlying all four government and social services AI injection surfaces; covers how adversarial pixel-level perturbations cause AI misclassification through image content manipulation without detectable visual artifacts visible to human document reviewers.
• Prompt injection scanner for document AI — document AI scanning covering the broader class of scanned government form, medical record, and compliance document injection vectors applicable to benefits eligibility, disability determination, and housing compliance AI pipelines.
• Prompt injection in healthcare AI — healthcare AI with overlapping medical evidence document processing and clinical record image adversarial attack vectors directly relevant to SSA disability determination AI and Medicaid eligibility AI medical documentation workflows.
• Free tier — 10 scans/day, no card required — start scanning government AI document images at development volumes before committing to a production plan; no credit card required for the free tier.
• Multimodal AI security testing — comprehensive multimodal AI security testing methodology covering image injection, waveform injection, and document scan adversarial attack surfaces relevant to government and social services AI procurement and FedRAMP security assessment.