Prompt Injection Risk Is High If Users Control Any Input That Reaches Your LLM
If users can type anything that eventually reaches your LLM, they can attempt to override your system prompt, extract your data, or redirect your AI’s behavior.
By Contributor · published 5/30/2026
In plain English
Protect your app by assuming any text a user types could be used to trick your AI into leaking data or ignoring your rules. Always separate your core instructions from user-provided content to keep your business information and logic secure.
Prompt injection is ranked #1 on the [OWASP Top 10 for LLM Applications 2025](https://genai.owasp.org/llmrisk/llm01-prompt-injection/). A prompt injection attack occurs when user-supplied input contains instructions that override or manipulate the LLM’s behavior — bypassing your system prompt, leaking internal data, or causing the model to perform unintended actions.
This is not a theoretical attack. If your app:
- Summarizes user-uploaded documents
- Answers questions about user-provided data
- Processes emails, support tickets, or form submissions with an LLM
…it has a prompt injection surface.
## Why it matters
A successfully injected prompt can expose your system prompt, your business logic, or your users’ data. As AI systems are increasingly granted access to tools, databases, and external services, the impact surface grows.
## Suggested next action
For any feature where user input reaches an LLM, add structural delimiters separating the system prompt from user content. Test by attempting your own injection attack.
Related coverage
Articles, podcasts, social threads, and videos about this signal — curated by the community and voted on by builders.