◈ AI Security Intelligence ← All terms
Attack  ·  Glossary

Prompt injection

Definition
An attack where a malicious instruction is hidden inside text that an AI reads — such as a document, email, or web page — tricking the AI into ignoring its original instructions and doing what the attacker wants instead. Think of it as the AI equivalent of forging a memo from the CEO and slipping it into an employee's inbox. The AI cannot reliably tell the difference between legitimate instructions from its operators and forged ones from an attacker.
Why it matters
Any AI that reads or summarises external content — customer emails, web pages, uploaded documents — is a potential target. A successful attack can cause the AI to leak confidential data, take unauthorised actions, or spread misinformation, all without the user or operator realising it.
Demonstrated by recent findings
StakeBench: No Production Web Agent Consistently Blocks Prompt Injection — Direct Attacks Succeed 79%+ Across GPT-5 and Gemini in 3,168 SimulationsIndirect Prompt Injection Is Architectural, Not Deployment-Specific — Brave Demonstrates Attacks Against Cloud and Local AI ToolsCross-Session Stored Prompt Injection in Agentic Systems — Persistent Injections Survive Session Termination, Silently Influencing Future ExecutionsGitInject: Multi-University Research Confirms All Major AI CI/CD Providers Vulnerable to Prompt Injection — Eleven Named Attack Classes Documented
References
OWASP Top 10 for LLM Applications — LLM01: Prompt InjectionNIST CSRC Glossary: Prompt Injection
Track this in the live feed See how this plays out in real AI security and governance developments.
Open the feed →