AI Wisdom

Prompt Injection

An attack where malicious input manipulates an LLM into ignoring its instructions or leaking system prompts.

In this article

Prompt injection is the #1 security risk in LLM applications (OWASP LLM Top 10). Direct injection embeds instructions in user input; indirect injection hides them in retrieved documents. Defences include input sanitisation, instruction hierarchy, output validation, and dedicated detection models. No single technique is foolproof โ€” defence-in-depth is required.

What it means in practice

Prompt Injection is not just vocabulary; it is a design handle. Use it as a reference point when comparing architecture choices, debugging implementation trade-offs, or explaining system behaviour to another engineer. It matters whenever model output becomes part of a workflow, API call, security boundary, or user-facing decision.

Why engineers care

  • It gives teams a shared name for the behaviour, risk, or architecture choice being discussed.
  • It helps separate the goal from the implementation detail, so you can compare alternatives instead of copying a tool pattern blindly.
  • It creates a useful checklist for reviews: inputs, outputs, failure modes, ownership, cost, latency, and measurement.

Production watch-outs

Do not rely on prompt wording as the only control. Validate inputs, validate outputs, log decisions, and define what happens when the model refuses or produces invalid data.

Related context

Useful neighbouring concepts: Guardrails, System Prompt, LLM Security.

Discussion

Sign in to share your feedback and join the discussion.