Prompt Injection
Also known as: Prompt injection attack, Indirect prompt injection
Attacker text in user input or retrieved content overrides the model's system prompt or hijacks tool calls.
A security vulnerability where adversarial input (in the user message, retrieved document, or tool output) manipulates the LLM into ignoring its instructions or executing unintended actions. Especially dangerous in agentic systems with tool access.
In practice
The OWASP #1 risk for LLM apps. Senior security interviews probe direct vs indirect injection and mitigation patterns (untrusted-data isolation, output validation).
How it compares
Prompt injection is the attack; guardrails are part of the defense.
Related topics
Related terms
Prompt Engineering
Crafting the input text so the model produces the behavior you want.
AI Agents
LLMs that loop: plan → call tools → observe results → repeat until done.
Model Context Protocol (MCP)
An open protocol (from Anthropic) for letting LLMs call tools and read resources from any compatible server.
Chain-of-Thought (CoT)
Ask the model to think step by step before answering. It boosts accuracy on reasoning tasks.
In-Context Learning (ICL)
Show the model a few examples in the prompt and it learns the pattern, no fine-tuning needed.
Function Calling
The model emits structured JSON specifying a tool call instead of free text; the host executes it.