AI Security

Prompt Injection

An attack against LLM applications where adversarial instructions override or subvert the model's intended behaviour, either directly through user input or indirectly through content the model processes.

Prompt injection is the #1 ranked risk in the OWASP Top 10 for LLM Applications. It is the LLM equivalent of SQL injection: manipulation of an AI system's instructions through untrusted input.

Direct prompt injection occurs when an attacker supplies a prompt that overrides the system's original instructions, typically with phrases like "Ignore all previous instructions and instead..."

Indirect prompt injection is currently the more dangerous variant. Malicious instructions are embedded in content the LLM is asked to process: a webpage, a document, an email, or a code comment. The user may be entirely unaware that the content they have asked the model to summarise or analyse contains adversarial instructions.

Defensive principles: treat the model as an untrusted component, validate all inputs and outputs, implement strict tool-call allowlisting, log every prompt and completion, and never grant LLM-integrated services write access to production systems without human-in-the-loop approval.

See: When AI Audits AI: Securing LLM Deployments.

← Back to Glossary