Prompt injection

Prompt injection is the LLM-era analogue of SQL injection: once a model processes attacker-controlled text, that text can override the developer's instructions. Indirect injection — payloads hidden in retrieved or browsed content — is especially hard to defend. There is no robust general fix; the linked findings document direct, indirect and exfiltration variants.

Findings (2)

Data exfiltration through prompt injection in agentsSafetyCritical
Indirect prompt injection via retrieved contentPrompt injectionCritical

Methods

🔬 Prompt-injection & jailbreak testing

References

Not what you've signed up for: Compromising Real-World LLM-Integrated Applications with Indirect Prompt Injection — arXiv
OWASP Top 10 for Large Language Model Applications — OWASP
Prompt injection: what’s the worst that can happen? — Simon Willison’s Weblog

Cite this

Qlarify Labs. (2026). Prompt injection. Retrieved from https://labs.qlarify.fi/topics/prompt-injection