🚀 Join our AI Wargame at Black Hat Asia and our Workshop + Wargame at NDC Sydney .

Prompt Injection

Prompt injection happens when untrusted input is interpreted as instruction for large language model (LLM) systems. This is misused to inject malformed instructions and bypass the AI system restrictions, policies and disclose sensitive data.

The root cause of the problem is mixture of data and system instructions.

Remediation

  • Utilise token preventative feature that comes with some API (see OpenAI API stop parameter.
  • Provide a more restrictive system instructions.

NOTE: At the time of writing the remediation for prompt injection is an open problem and there is no best practice security recommendation.

Metadata

  • Severity: high
  • Slug: prompt-injection

CWEs

  • 94: Improper Control of Generation of Code ('Code Injection')
  • 1427: Improper Neutralization of Input Used for LLM Prompting

OWASP

  • A03:2021: Injection
  • LLM01:2025: Prompt Injection

Available Labs

Select a language to explore available labs for this vulnerability.

Try it yourself

Find, Hack and Fix Your First Vulnerability

Reading about security bugs is one thing — fixing one is how the skill sticks. Play a free challenge from the wargame, no setup required.