What techniques would you use to evaluate the vulnerability of a generative AI system to prompt injection attacks?