Safety
Prompt Injection
A security attack where malicious instructions hidden in user input or external content trick an AI model into ignoring its real instructions.
01 ——
In plain English
Prompt injection is the AI equivalent of SQL injection. An attacker plants instructions inside user input, an email, a web page, or a document — and when the AI processes that content, it treats those hidden instructions as commands.
Two main flavours:
- Direct prompt injection — user types "Ignore all previous instructions and..." into a chatbot
- Indirect prompt injection — malicious instructions hidden in a document, email, or webpage that the AI later reads
Real-world risks:
- An AI email assistant exfiltrates sensitive data when fed a poisoned email
- A coding agent runs malicious code from a tampered library
- A customer-support bot follows instructions inside a fake support ticket
Mitigations: strict separation between trusted instructions and untrusted content, output filtering, restricted tool permissions, and human approval for sensitive actions. There is no fully reliable defence — prompt injection is an unsolved problem.
02 ——
Related terms
Jailbreak
A prompt or technique that tricks an AI model into ignoring its safety rules and producing content it would normally refuse.
Alignment
The challenge of making AI systems behave in ways that match human values and intentions — not just their literal instructions.
Guardrails
Rules and filters that constrain what an AI model can output — used to block harmful, off-topic, or non-compliant responses.
Agent
An AI system that can take actions, use tools, and make decisions autonomously to complete a goal.
MCP
Model Context Protocol — an open standard that lets AI models connect to external tools and data sources in a consistent way.
Back to glossaryLast reviewed May 2026