Menu
Home
People
Places
Arts
History
Plants & Animals
Science
Life & Culture
Technology
Reference.org
Prompt injection
open-in-new
<p>Prompt injection is a <a href="/facts/Cybersecurity/7E5dIy7G">cybersecurity</a> exploit in which adversaries craft inputs that appear legitimate but are designed to cause unintended behavior in <a href="/facts/Machine_learning_model/e0w0XJTu">machine learning models</a>, particularly <a href="/facts/Large_language_model/WnogWVJY">large language models</a> (LLMs). This attack takes advantage of the model's inability to distinguish between developer-defined prompts and user inputs, allowing adversaries to bypass safeguards and influence model behaviour. While LLMs are designed to follow trusted instructions, they can be manipulated into carrying out unintended responses through carefully crafted inputs. </p><p>With capabilities such as <a href="/facts/Web_browsing/VRatDzlP">web browsing</a> and file upload, an LLM not only needs to differentiate from developer instructions from user input, but also to differentiate user input from content not directly authored by the user. LLMs with <a href="/facts/Web_browsing/VRatDzlP">web browsing</a> capabilities can be targeted by indirect prompt injection, where adversarial prompts are embedded within website content. If the LLM retrieves and processes the webpage, it may interpret and execute the embedded instructions as legitimate commands. </p><p>The <a href="/facts/Open_Worldwide_Application_Security_Project/t30EKe8Q">Open Worldwide Application Security Project</a> (OWASP) ranked prompt injection as the top <a href="/facts/Security_risk/tbBEDA0V">security risk</a> in its <i>2025 OWASP Top 10 for LLM Applications</i> <i>report</i>, describing it as a vulnerability that can manipulate LLMs through adversarial inputs. </p>