What happened
The Center for Internet Security (CIS) released a new report on April 1, 2026 warning that prompt injection attacks are a serious and growing threat. The report documents how threat actors hide malicious instructions in documents, emails, and websites that AI tools access, leading to data theft, unauthorized access, and operational disruption. It notes documented prompt injection attempts grew approximately 340% year-over-year in Q4 2025.
Why it matters
With OWASP ranking prompt injection as the #1 LLM risk and CIS now providing practical mitigation guidance, organisations have an authoritative reference for building AI security controls. The 340% growth rate signals this is no longer a theoretical concern.
Action needed
Download the CIS report and use it to benchmark your GenAI deployment controls. Ensure data access controls, human-in-the-loop safeguards, and input validation are in place for all production AI systems.